grains
Grains are static; they are loaded only when the minion starts.

[root@salt-master ~]# salt '*' grains.items
[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces
salt-minion:
    ----------
    eth1:
        00:0c:29:38:1e:f7
    lo:
        00:00:00:00:00:00
[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces:eth1
salt-minion:
    00:0c:29:38:1e:f7
[root@salt-master ~]# salt '*' grains.get ip_interfaces
salt-minion:
    ----------
    eth1:
        - 192.168.1.201
        - fe80::20c:29ff:fe38:1ef7
    lo:
        - 127.0.0.1
        - ::1
[root@salt-master ~]# salt '*' grains.get ip_interfaces:eth1
salt-minion:
    - 192.168.1.201
    - fe80::20c:29ff:fe38:1ef7

pillar
Pillar is stored on the master and holds the information that needs to be provided to minions: sensitive information, variables, and any other data. It is used by targeting and by states.

Enabling pillar

pillar_roots:
  base:
    - /srv/pillar

{% if grains['os'] == 'CentOS' %}
apache: httpd
yum: yum
yys: yys
{% elif grains['os'] == 'Debian' %}
apache: apache2
yum: apt-get
{% endif %}

[root@salt-master pillar]# salt '*' pillar.get apache
salt-minion:
    httpd
[root@salt-master pillar]# salt '*' pillar.get yys
salt-minion:
    yys
[root@salt-master pillar]# salt 'salt-minion' pillar.get yum
salt-minion:
    yum

grains VS pillar
Different purposes: grains store basic data about the minion itself; pillar stores data that the master assigns to a minion.
Different storage locations: grains are stored on the minion; pillar is stored on the master.
Different update methods: grains are updated when the minion starts and can also be refreshed with saltutil.sync_grains; pillar is stored on the master and is refreshed with saltutil.refresh_pillar, which is more efficient and more flexible.

1. Selecting roles

This uses grains:

[root@salt-master pillar]# salt -G 'os:CentOS' test.ping
salt-minion:
    True

Applying pillar

[root@salt-master pillar]# vim roles.sls

roles: web

[root@salt-master pillar]# vim top.sls

base:
  'salt-minion':
    - nginx.nginx
    - packages
    - roles

[root@salt-master pillar]# salt '*' saltutil.refresh_pillar
[root@salt-master pillar]# salt 'salt-minion' pillar.get roles
salt-minion:
    web
[root@salt-master pillar]# salt -I 'roles:web' test.ping
salt-minion:
    True

Runs on 10 minions at a time:

[root@salt-master pillar]# salt '*' -b 10 test.ping
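
The grains versus pillar comparison above also decides who is trusted: grains are reported by the minion, while pillar is compiled on the master. The pillar top file below is an added example, not part of the original post, that contrasts handing out sensitive pillar by a grain match with handing it out by minion ID; `secrets` is a hypothetical pillar SLS name and the `roles` grain is an assumption.

```yaml
# /srv/pillar/top.sls
# Added example; 'secrets' is a hypothetical pillar file, the other
# entries are the ones used on this page.
base:
  # Weak: grains are set on the minion side, so any minion that reports
  # roles:web would be given the sensitive pillar. Left commented out
  # on purpose to show the pattern to avoid.
  # 'roles:web':
  #   - match: grain
  #   - secrets

  # Stronger: match on the minion ID, which is tied to the minion key
  # accepted on the master (salt-key). The role itself is assigned in
  # pillar (roles.sls contains "roles: web"), so it is the master that
  # decides which minion is a web server, and targeting can then use
  # salt -I 'roles:web' as shown above.
  'salt-minion':
    - nginx.nginx
    - packages
    - roles
    - secrets

  # Non-sensitive, fleet-wide settings can stay on a glob.
  '*':
    - system
```

After changing the top file, run `salt '*' saltutil.refresh_pillar` and then `salt '*' pillar.items` to confirm which keys each minion can actually see.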
require:

require: the states that must run before this state runs
require_in: the reverse of require
watch: in addition to what require does, it also checks the status of the watched state
watch_in: the reverse of watch

1. Installing httpd

[root@salt-master salt]# vim sls_file/apache.sls

apache:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
  service.running:
    - enable: True
    - name: httpd

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 23:12:47.966648
    Duration: 18553.182 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.3.9-5.el6_2
                  old:
              apr-util:
                  ----------
                  new:
                      1.3.9-3.el6_0.1
                  old:
              apr-util-ldap:
                  ----------
                  new:
                      1.3.9-3.el6_0.1
                  old:
              httpd:
                  ----------
                  new:
                      2.2.15-53.el6.centos
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.2.15-53.el6.centos
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.31-2.el6
                  old:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 23:13:06.522558
    Duration: 7.874 ms
     Changes:
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: False
     Comment: Service httpd has been enabled, and is dead
     Started: 23:13:06.531651
    Duration: 138.213 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 2 (changed=2)
Failed:    1
------------
Total states run:     3
[root@salt-master salt]# vim /etc/^C
[root@salt-master salt]# vim config_file/
httpd.conf  nginx/  script/  vsftpd.conf
[root@salt-master salt]# vim config_file/httpd.conf
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:13:43.435408
    Duration: 222.893 ms
     Changes:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 23:13:43.660646
    Duration: 12.437 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 80
                  +Listen 9999
                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is running
     Started: 23:13:43.673420
    Duration: 69.659 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3

There is an error in the first run above because I already had nginx running, which occupies port 80, so changing the httpd configuration file was all that was needed to complete the run.
Debugging:

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache test=True
salt-minion:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:16:26.512596
    Duration: 217.712 ms
     Changes:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
     Started: 23:16:26.732353
    Duration: 2.549 ms
     Changes:
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 23:16:26.735312
    Duration: 26.744 ms
     Changes:

Summary
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache test=True
salt-minion:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:16:54.945258
    Duration: 224.859 ms
     Changes:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
     Started: 23:16:55.172223
    Duration: 2.861 ms
     Changes:
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: None
     Comment: Service httpd is set to start
     Started: 23:16:55.175418
    Duration: 18.232 ms
     Changes:

Summary
------------
Succeeded: 3 (unchanged=1)
Failed:    0
------------
Total states run:     3

With test=True nothing is actually executed; run the state for real once debugging is finished.
2. Adding requisites

[root@salt-master salt]# vim sls_file/apache.sls

apache:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: apache    # the ID I chose; ensures the package is installed before the config file is managed
  service.running:
    - enable: True
    - name: httpd
    - watch:           # restart when a watched state changes
      - pkg: apache    # restart if the apache package changes
      - file: apache   # restart if the config file changes

nginx:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: nginx     # the ID I chose
  service.running:
    - enable: True
    - name: httpd
    - watch:           # restart when a watched state changes
      - pkg: nginx     # restart if the apache package changes
      - file: nginx    # restart if the config file changes

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: nginx
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:30:25.526678
    Duration: 213.372 ms
     Changes:
----------
          ID: nginx
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 23:30:25.742436
    Duration: 3.268 ms
     Changes:
----------
          ID: nginx
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 23:30:25.746117
    Duration: 25.382 ms
     Changes:

Summary
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3

As you can see, apache is only an ID; you can think of it as a name.

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:26:30.382684
    Duration: 216.614 ms
     Changes:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 23:26:30.601524
    Duration: 2.687 ms
     Changes:
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 23:26:30.604611
    Duration: 26.028 ms
     Changes:

Summary
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3
[root@salt-master salt]# vim config_file/httpd.conf
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:26:52.667503
    Duration: 219.51 ms
     Changes:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 23:26:52.889209
    Duration: 12.14 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 9999
                  +Listen 9998
                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service restarted
     Started: 23:26:52.928307
    Duration: 215.437 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3

You can see that two operations changed: the service restart and the configuration file update.

3. Using variables

[root@salt-master salt]# vim sls_file/apache.sls
nginx:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: nginx
    - template: jinja
    - context:    # defaults
        port: 9997
  service.running:
    - enable: True
    - name: httpd
    - watch:
      - pkg: nginx
      - file: nginx

[root@salt-master salt]# vim config_file/httpd.conf

Listen {{ port }}

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: nginx
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:34:02.107754
    Duration: 219.02 ms
     Changes:
----------
          ID: nginx
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 23:34:02.328933
    Duration: 21.308 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 9998
                  +Listen 9997
                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: nginx
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service restarted
     Started: 23:34:02.375926
    Duration: 214.444 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
    tcp        0      0 :::9997        :::*        LISTEN      4429/httpd

The change has taken effect.

4. A different port for each host

nginx:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: nginx
    - template: jinja
    - context:
      {% if grains['id'] == 'salt-minion' %}
        port: 9997
      {% elif grains['id'] == 'salt-minion02' %}
        port: 9998
      {% else %}
        port: 9999
      {% endif %}
  service.running:
    - enable: True
    - name: httpd
    - watch:
      - pkg: nginx
      - file: nginx

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: nginx
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:39:51.984573
    Duration: 217.182 ms
     Changes:
----------
          ID: nginx
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 23:39:52.203991
    Duration: 14.981 ms
     Changes:
----------
          ID: nginx
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 23:39:52.219407
    Duration: 25.886 ms
     Changes:

Summary
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
    tcp        0      0 :::9997        :::*        LISTEN      4429/httpd

You can see it is the same as before.
Now let's change the ports:

nginx:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: nginx
    - template: jinja
    - context:
      {% if grains['id'] == 'salt-minion' %}
        port: 9998
      {% elif grains['id'] == 'salt-minion02' %}
        port: 9997
      {% else %}
        port: 9999
      {% endif %}
  service.running:
    - enable: True
    - name: httpd
    - watch:
      - pkg: nginx
      - file: nginx

salt-minion gets 9998
salt-minion02 gets 9997

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: nginx
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:41:45.652814
    Duration: 218.351 ms
     Changes:
----------
          ID: nginx
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 23:41:45.873363
    Duration: 17.753 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 9997
                  +Listen 9998
                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: nginx
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service restarted
     Started: 23:41:45.917686
    Duration: 209.181 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
    tcp        0      0 :::9998        :::*        LISTEN      4853/http

You can see that the port has changed to 9998, so the change took effect.

Now let's verify the case where nothing matches:

nginx:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: nginx
    - template: jinja
    - context:
      {% if grains['id'] == 'salt-minion01' %}
        port: 9998
      {% elif grains['id'] == 'salt-minion02' %}
        port: 9997
      {% else %}
        port: 9999
      {% endif %}
  service.running:
    - enable: True
    - name: httpd
    - watch:
      - pkg: nginx
      - file: nginx

The host now falls into the else branch.

[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: nginx
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:43:14.444092
    Duration: 215.958 ms
     Changes:
----------
          ID: nginx
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 23:43:14.662291
    Duration: 17.061 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 9998
                  +Listen 9999
                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: nginx
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service restarted
     Started: 23:43:14.706464
    Duration: 203.308 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
    tcp        0      0 :::9999        :::*        LISTEN      5017/httpd

It is now 9999, so this works as well.
This is how different minion IDs can be given different ports.

Optimization:
An SLS file describes the processing logic; business data should not live in the SLS. Use pillar for that.

apache:
  {% if grains['id'] == 'salt-minion' %}
  port: 9999
  {% elif grains['id'] == 'salt-minion02' %}
  port: 9997
  {% else %}
  port: 9998
  {% endif %}

[root@salt-master apache]# salt '*' pillar.get apache
salt-minion:
    ----------
    port:
        9999

Modify the SLS:

nginx:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: nginx
    - template: jinja
    - context:
        port: {{ salt['pillar.get']('apache:port',9995) }}    # value taken from pillar; defaults to 9995 if nothing is set
  service.running:
    - enable: True
    - name: httpd
    - watch:
      - pkg: nginx
      - file: nginx

[root@salt-master apache]# salt '*' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
    tcp        0      0 :::9998        :::*        LISTEN      5311/httpd
[root@salt-master apache]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
          ID: nginx
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:54:51.542798
    Duration: 216.563 ms
     Changes:
----------
          ID: nginx
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 23:54:51.761655
    Duration: 17.513 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 9998
                  +Listen 9999
                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: nginx
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service restarted
     Started: 23:54:51.806378
    Duration: 199.891 ms
     Changes:
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
[root@salt-master apache]# salt '*' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
    tcp        0      0 :::9999        :::*        LISTEN      5692/httpd

Here is a trick: put the data in pillar, so that I only need to modify pillar to manage the configuration data, while the configuration-management logic or functionality is carried out by the SLS. For example:
[root@salt-master ~]# vim /srv/pillar/top.sls

base:
  'salt-minion':
    - nginx.nginx
    - packages
    - roles
    - apache
  '*':
    - system

This installs nginx and apache on salt-minion and manages their configuration.
It applies system settings to all hosts.

apache:
  {% if grains['id'] == 'salt-minion' %}
  port: 9999
  {% elif grains['id'] == 'salt-minion02' %}
  port: 9997
  {% else %}
  port: 9998
  {% endif %}

nofile: 102400

Below are the SLS files:

nofile_soft:
  cmd.run:
    - name: echo '* soft nofile {{ salt['pillar.get']('nofile',10240) }}' >> /etc/security/limits.conf
nofile_hard:
  cmd.run:
    - name: echo '* hard nofile {{ salt['pillar.get']('nofile',10240) }}' >> /etc/security/limits.conf

nginx:
  pkg.installed:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://config_file/httpd.conf
    - require:
      - pkg: nginx
    - template: jinja
    - context:
        port: {{ salt['pillar.get']('apache:port',9995) }}
  service.running:
    - enable: True
    - name: httpd
    - watch:
      - pkg: nginx
      - file: nginx

This way the functionality installs apache, and the system settings take care of the nofile change.
The data, however, only needs to be changed in pillar. There is no need to modify data in the SLS; the SLS only needs to contain the logic.

Running SLS files periodically
top.sls in pillar:

base:
  'salt-minion':
    - nginx.nginx
    - packages
    - roles
    - apache
  '*':
    - system

[root@salt-master pillar]# vim nginx/nginx.sls

schedule:
  nginx:
    function: state.sls
    minutes: 1    # seconds: second-level granularity
    args:
      - 'sls_file.nginx'

Equivalent to:

salt 'salt-minion' state.sls sls_file.nginx

[root@salt-master pillar]# vim /srv/salt/sls_file/nginx.sls

nginx:
  pkg:
    - installed
  service:
    - running
    - enable: True
    - reload: True
    - watch:
      - pkg: nginx
      - file: /etc/nginx/nginx.conf
      - file: /etc/nginx/conf.d/default.conf
/etc/nginx/nginx.conf:
  file.managed:
    - source: salt://config_file/nginx/nginx.conf
    - user: root
    - group: root
    - mode: 644
/etc/nginx/conf.d/default.conf:
  file.managed:
    - source: salt://config_file/nginx/conf.d/default.conf
    - user: root
    - group: root
    - mode: 644

Note: if name is not given, the state ID is used as the name by default, as if the following had been written:

    - name: /etc/nginx/conf.d/default.conf

The above is equivalent to running the following once every minute:

salt 'salt-minion' state.sls sls_file.nginx
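
The nofile_soft and nofile_hard states shown earlier use cmd.run with `>>`, which appends another line to /etc/security/limits.conf on every state run, so applying them from a schedule like the one above would grow the file at every interval. The following is an added example, not part of the original post, of an idempotent form using file.replace with the same state IDs, pillar key and default; the regular expressions are my own.

```yaml
# Added example: idempotent replacement for the cmd.run/echo states.
# Reads the same pillar key ('nofile') with the same default (10240).
{% set nofile = salt['pillar.get']('nofile', 10240) %}

nofile_soft:
  file.replace:
    - name: /etc/security/limits.conf
    # Match an existing "* soft nofile <value>" line, whatever the value is,
    # so a changed pillar value rewrites the line instead of adding a second one.
    - pattern: '^\*[ \t]+soft[ \t]+nofile[ \t]+.*$'
    - repl: '* soft nofile {{ nofile }}'
    # First run on a host without such a line: append it.
    - append_if_not_found: True

nofile_hard:
  file.replace:
    - name: /etc/security/limits.conf
    - pattern: '^\*[ \t]+hard[ \t]+nofile[ \t]+.*$'
    - repl: '* hard nofile {{ nofile }}'
    - append_if_not_found: True
```

Run it with test=True first, as in the debugging section, to see the pending diff without touching the file.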