SaltStack: using salt-ssh and implementing configuration management for a LAMP state
1 Using salt-ssh
1. Install salt-ssh

```
[root@slave1 .ssh]# yum install -y salt-ssh
```

2. Configure salt-ssh

```
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
slave1:
  host: 10.0.0.211
  user: root
  passwd: shang185434
slave2:
  host: 10.0.0.212
  user: root
  passwd: shang185434
```

3. Remote execution with salt-ssh

```
# The first remote execution prompts for host-key confirmation;
# the "-i" flag accepts the host keys automatically, so no interaction is needed
[root@slave1 ~]# salt-ssh '*' test.ping
slave2:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '10.0.0.212 (10.0.0.212)' can't be established.
        ECDSA key fingerprint is SHA256:jggaAYjerBQyxtVOBnR/GoC+9TlCBy5Y6giz9nBPydQ.
        ECDSA key fingerprint is MD5:d5:a1:8f:c9:64:8d:e2:62:c2:d7:06:9a:d3:fc:0d:dd.
        Are you sure you want to continue connecting (yes/no)?
slave1:
    ----------
    retcode:
        254
    stderr:
    stdout:
        The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
        The authenticity of host '10.0.0.211 (10.0.0.211)' can't be established.
        ECDSA key fingerprint is SHA256:jggaAYjerBQyxtVOBnR/GoC+9TlCBy5Y6giz9nBPydQ.
        ECDSA key fingerprint is MD5:d5:a1:8f:c9:64:8d:e2:62:c2:d7:06:9a:d3:fc:0d:dd.
        Are you sure you want to continue connecting (yes/no)?
[root@slave1 ~]# salt-ssh '*' test.ping -i
slave1:
    True
slave2:
    True
```

4. The "-r" option for running a command remotely

```
[root@slave1 ~]# salt-ssh '*' -r 'uptime'
slave1:
    ----------
    retcode:
        0
    stderr:
    stdout:
        root@10.0.0.211's password:
         03:26:49 up 3:38, 2 users, load average: 0.01, 0.08, 0.13
slave2:
    ----------
    retcode:
        0
    stderr:
    stdout:
        root@10.0.0.212's password:
         03:26:49 up 10:02, 1 user, load average: 0.00, 0.01, 0.05
```
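The roster in step 2 stores the root password inline, while its own sample comments note that keys are used when `passwd` is omitted. The following is an added example (not part of the original post) that audits a roster for password-based logins; it parses only the flat two-level layout shown above, and the sample hosts and secret are constructed placeholders.

```python
# Added example: audit a salt-ssh roster for password-based logins.
# Handles only the flat "id: / key: value" layout shown above, not general YAML.

SAMPLE_ROSTER = """\
# constructed sample; hosts and secret are placeholders
web1:
  host: 192.0.2.10
  user: deploy
  sudo: True
db1:
  host: 192.0.2.11
  user: root
  passwd: EXAMPLE-ONLY   # inline secret
"""

def parse_roster(text):
    """Return {target_id: {key: value}} for a flat roster."""
    targets, current = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                               # blank or comment-only line
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():                  # unindented line: a target id
            current = targets.setdefault(key, {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return targets

def audit_roster(text):
    """Return a sorted list of (target, finding) tuples."""
    findings = []
    for name, opts in parse_roster(text).items():
        if "passwd" in opts:
            findings.append((name, "plaintext passwd in roster; omit it to use keys"))
            if opts.get("user") == "root":
                findings.append((name, "password login as root; prefer user + sudo: True"))
    return sorted(findings)

if __name__ == "__main__":
    for target, finding in audit_roster(SAMPLE_ROSTER):
        print(f"{target}: {finding}")
```
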
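2 Common modules and Jinja templates
Reference: https://www.unixhot.com/docs/saltstack/ref/states/highstate.html
2.1 Characteristics of state modules:
1) States cannot be rolled back.
2) A finished state module must support being executed multiple times.
2.2 The pkg module
The pkg module is virtual: depending on the operating system, it calls the corresponding tool to install packages.
Reference: https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.pkg.html#module-salt.states.pkg
Commonly used pkg state functions:
pkg.installed install
pkg.latest ensure the latest version
pkg.removed uninstall
pkg.purged uninstall and delete the configuration files
Installing several packages with the pkg module: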
```
lamp-pkg:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - mysql
      - mariadb-server
      - php-mysql
      - php-cli
      - php-mbstring
```
2.3 The file module
Reference: https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.file.html#module-salt.states.file
Usage example:
```
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://files/httpd.conf
    - user: root
    - group: root
    - mode: 644
```
2.3 The service module
Example:
```
apache-services:
  service.running:
    - name: httpd
    - enable: True   # start at boot
    - reload: True   # allow reload
```
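2.4 Relationships between states
- 1 Whom do I depend on? require
- 2 Who depends on me? require_in
- 3 Whom do I watch? watch (includes require)
- 4 Who watches me? watch_in
- 5 Whom do I include? include
- 6 Whom do I extend? To be covered when it is needed.
Usage examples: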
```
# Whom do I depend on? require
apache-services:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:             # I run only after all of these have succeeded.
      - pkg: lamp-pkg
      - file: apache-config
```

```
# Who depends on me?
mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644
    - require_in:          # counterpart of require
      - service: mysql-service
```

```
# Whom do I watch?
# If the configuration file is modified, restart the service.
apache-services:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: lamp-pkg
      - file: apache-config
    - watch:
      - file: apache-config
```

1. If a change in the state of apache-config is detected (that is, the configuration file changed), the service is reloaded.
2. Note that with reload: True the service is reloaded; without it, the service is restarted.
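A requisite only helps if its target exists, and a failed target stops everything that depends on it. The following is an added example (not from the original post, and not Salt's own code): a simplified model that resolves require/watch/require_in/watch_in by state ID only, flags references to undefined IDs, and lists which states are blocked when one fails. The sample data is constructed from the IDs in this section and contains a deliberately misspelled target.

```python
# Added example: a simplified model of Salt requisites, not Salt's own code.
REQ_KEYS = ("require", "watch")            # "I depend on / watch X"
REQ_IN_KEYS = ("require_in", "watch_in")   # "X depends on / watches me"

# Constructed sample: states as they would look after YAML parsing.
STATES = {
    "lamp-pkg": {"pkg.installed": [{"pkgs": ["httpd", "php"]}]},
    "apache-config": {"file.managed": [{"name": "/etc/httpd/conf/httpd.conf"}]},
    "apache-services": {"service.running": [
        {"name": "httpd"},
        {"require": [{"pkg": "lamp-pkg"}, {"file": "apapche-config"}]},  # misspelled on purpose
        {"watch": [{"file": "apache-config"}]},
    ]},
}

def dependencies(states):
    """Return ({state_id: ids it depends on}, [dangling references])."""
    deps = {sid: set() for sid in states}
    dangling = []
    for sid, body in states.items():
        for args in body.values():
            for arg in args:
                for key, refs in arg.items():
                    if key not in REQ_KEYS + REQ_IN_KEYS:
                        continue
                    for ref in refs:
                        (module, target), = ref.items()
                        mods = {f.split(".")[0] for f in states.get(target, {})}
                        if module not in mods:       # no such ID with that module
                            dangling.append((sid, key, module, target))
                        elif key in REQ_KEYS:
                            deps[sid].add(target)
                        else:                        # *_in reverses the edge
                            deps[target].add(sid)
    return deps, dangling

def blocked_by(states, failed):
    """IDs that will not run because a requisite failed, directly or transitively."""
    deps, _ = dependencies(states)
    blocked, changed = set(), True
    while changed:
        changed = False
        for sid, needs in deps.items():
            if sid not in blocked and sid not in failed and needs & (failed | blocked):
                blocked.add(sid)
                changed = True
    return blocked
```
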
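2.5 Jinja templates
Reference documentation: http://docs.jinkan.org/docs/jinja2/
Background:
Suppose there are 100 machines and one configuration file has to contain each machine's own IP address. The best practice is to do this with a Jinja template.
Two kinds of delimiters:
{{...}} denotes a variable reference.
{%...%} denotes a statement (control logic).
How to use Jinja templates:
1) In effect, a variable is defined for the Jinja template and the templated configuration file then references it.
2) The variable can be defined in the template file itself, or in the sls file, and the template file then references it directly.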
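In the sls file:

```
- template: jinja   # tell the file module to use Jinja
- defaults:         # list the parameters
    PORT: 80
```

In the template file:

```
{{ PORT }}          # referenced inside the template file
```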
Example:
```
[root@slave1 ~]# vim /srv/salt/prod/redis/init.sls
redis-install:
  pkg.installed:
    - name: redis

redis-config:
  file.managed:
    - name: /etc/redis.conf
    - source: salt://redis/files/redis.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja      # render the source file with Jinja
    - defaults:
        PORT: 6379         # the parameter being defined
        IPADDR: {{ grains['fqdn_ip4'][0] }}   # the host's IP address

redis-service:
  service.running:
    - name: redis
    - enable: True
    - reload: True
```
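Reference the Jinja variables in the template file (redis.conf only accepts comments on their own lines, so they are placed above each directive):

```
[root@slave1 ~]# vim /srv/salt/prod/redis/files/redis.conf
# the port passed in from the state
port {{ PORT }}
# the host IP passed in from the state
bind {{ IPADDR }}
```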
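3 Configuration management
3.1 What a state means
States are the configuration language of SaltStack, and day-to-day configuration management involves writing many state files. For example, we need to install a package, then manage a configuration file, and finally make sure that a service is running.
For this we write states sls files (files that describe the state configuration) to describe and implement what we need. States sls files use YAML syntax;
they can also be written in Python.
A state is the result the system is expected to be in after certain commands have run. States are described in YAML-format files. SLS: salt state
For example, installing Apache looks like this: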
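```
[root@slave1 apache]# vim /srv/salt/base/apache/apache.sls
apache:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
```

Explanation:
apache: the ID declaration, globally unique across all environments (base, prod)
pkg: the state module
.: the reference relationship between module and function
installed: the function in the module
:: denotes a level in the hierarchy
name: can be understood as a parameter, followed by the parameter value
file.managed: the file management module; source must be given to specify where the file comes from
source: the source path of the file; salt:// stands for the root path of the environment, which here is /srv/salt/base/
user, group, mode: the owner, group and permissions of the file

The same file can also be written with one ID per state:

```
apache-install:
  pkg.installed:
    - name: httpd

apache-service:
  service.running:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
```

When several configuration files are managed, the following form can also be used (when name is not passed as a parameter, the ID is the name):

```
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

/etc/httpd/conf/php.conf:
  file.managed:
    - source: salt://apache/files/php.conf
    - user: root
    - group: root
    - mode: 644
```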
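3.2 Design and implementation of the LAMP state
3.2.1 Design analysis

| Name | Packages | Configuration files | Services |
|---|---|---|---|
| Module used | pkg | file | service |
| LAMP | httpd, php, mariadb, mariadb-server, php-mysql, php-pdo, php-cli | /etc/httpd/conf/httpd.conf, /etc/php.ini | httpd, mysqld |

3.2.2 Writing and deploying the LAMP state modules
Note: on the master, install httpd, php and mysql beforehand so that their configuration files are available.
Otherwise the services will fail to start because their configuration files have no content.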
```
[root@slave1 ~]# cd /srv/salt/prod/
[root@slave1 prod]# mkdir apache php mysql
[root@slave1 prod]# tree
.
├── apache
├── mysql
└── php

3 directories, 0 files
```

Write the Apache state module:

```
[root@slave1 prod]# cd apache/
[root@slave1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
```

```
[root@slave1 apache]# mkdir files
[root@slave1 files]# cp /etc/httpd/conf/httpd.conf .
[root@slave1 apache]# tree
.
├── files
│   └── httpd.conf
└── init.sls

1 directory, 2 files
```

Write the php state module:

```
[root@slave1 prod]# cd php/
[root@slave1 php]# vim init.sls
php-install:
  pkg.installed:
    - pkgs:
      - php
      - php-pdo
      - php-mysql

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://php/files/php.ini
    - user: root
    - group: root
    - mode: 644
```

```
[root@slave1 php]# mkdir files
[root@slave1 php]# cd files/
[root@slave1 files]# cp /etc/php.ini .
[root@slave1 php]# tree
.
├── files
│   └── php.ini
└── init.sls
```

Write the mysql state module:

```
[root@slave1 prod]# cd mysql/
[root@slave1 mysql]# vim init.sls
mysql-install:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-server

mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://mysql/files/my.cnf
    - user: root
    - group: root
    - mode: 644

mysql-service:
  service.running:
    - name: mariadb
    - enable: True
```

```
[root@slave1 mysql]# mkdir files
[root@slave1 mysql]# cd files/
[root@slave1 files]# cp /etc/my.cnf .
[root@slave1 mysql]# tree
.
├── files
│   └── my.cnf
└── init.sls
```

Test the module:

```
[root@slave1 base]# salt 'slave2' state.sls apache.init saltenv=prod
slave2:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 00:19:32.302589
    Duration: 1674.126 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 00:19:33.981041
    Duration: 4.449 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 00:19:33.986049
    Duration: 465.027 ms
     Changes:

Summary
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3
```
3.2.3 Integrating the modules into the top file to run the highstate
```
[root@slave1 base]# pwd
/srv/salt/base
[root@slave1 base]# vim top.sls
prod:
  'slave*':
    - apache.init
    - php.init
    - mysql.init
```

Test:

```
[root@slave1 base]# salt 'slave2' state.highstate
slave2:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 00:10:45.457884
    Duration: 14741.991 ms
     Changes:
              ----------
              httpd:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 00:11:00.203269
    Duration: 16.774 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 00:11:00.257424
    Duration: 1183.295 ms
     Changes:
              ----------
              httpd:
                  True
----------
          ID: php-install
    Function: pkg.installed
      Result: True
     Comment: 3 targeted packages were installed/updated.
     Started: 00:11:01.443259
    Duration: 7833.45 ms
     Changes:
              ----------
              php:
                  ----------
                  new:
                      5.4.16-45.el7
                  old:
              php-mysql:
                  ----------
                  new:
                      5.4.16-45.el7
                  old:
              php-pdo:
                  ----------
                  new:
                      5.4.16-45.el7
                  old:
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini updated
     Started: 00:11:09.279224
    Duration: 72.452 ms
     Changes:
              ----------
              diff:
                  New file
              mode:
                  0644
----------
          ID: mysql-install
    Function: pkg.installed
      Result: True
     Comment: 2 targeted packages were installed/updated.
     Started: 00:11:09.353923
    Duration: 16336.395 ms
     Changes:
              ----------
              mariadb:
                  ----------
                  new:
                      1:5.5.60-1.el7_5
                  old:
              mariadb-server:
                  ----------
                  new:
                      1:5.5.60-1.el7_5
                  old:
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf updated
     Started: 00:11:25.692557
    Duration: 60.167 ms
     Changes:
              ----------
              diff:
                  New file
              mode:
                  0644
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: Service mariadb has been enabled, and is running
     Started: 00:11:25.784130
    Duration: 3374.439 ms
     Changes:
              ----------
              mariadb:
                  True

Summary
------------
Succeeded: 8 (changed=7)
Failed:    0
------------
Total states run:     8
```
3.2.4 Using include
```
[root@slave1 prod]# pwd
/srv/salt/prod
[root@slave1 prod]# vim lamp.sls
include:
  - apache.init
  - php.init
  - mysql.init
[root@slave1 prod]# vim ../base/top.sls
prod:
  'slave*':
    - lamp
```

Test:

```
[root@slave1 prod]# salt 'slave2' state.highstate
slave2:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 00:37:18.185204
    Duration: 1515.12 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 00:37:19.702850
    Duration: 3.363 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 00:37:19.706721
    Duration: 432.859 ms
     Changes:
----------
          ID: php-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed.
     Started: 00:37:20.139849
    Duration: 0.75 ms
     Changes:
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 00:37:20.140688
    Duration: 5.864 ms
     Changes:
----------
          ID: mysql-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed.
     Started: 00:37:20.146671
    Duration: 0.664 ms
     Changes:
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 00:37:20.147454
    Duration: 22.186 ms
     Changes:
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: Service mariadb is already enabled, and is in the desired state
     Started: 00:37:20.169863
    Duration: 441.656 ms
     Changes:

Summary
------------
Succeeded: 8
Failed:    0
------------
Total states run:     8
```
3.2.5 Using require
Reference: https://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html
```
[root@slave1 ~]# vim /srv/salt/prod/apache/init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd1.conf   # deliberately wrong source path
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - require:                 # depends on the apache-config state
      - file: apache-config
```

Test:

```
[root@slave1 ~]# salt 'slave1' state.sls apache.init saltenv=prod
slave1:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 01:13:47.407217
    Duration: 2063.3 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: False
     Comment: Source file salt://apache/files/httpd1.conf not found
     Started: 01:13:49.472921
    Duration: 18.354 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: False
     Comment: One or more requisite failed: apache.init.apache-config
     Started:
    Duration:
     Changes:

Summary
------------
Succeeded: 1
Failed:    2
------------
Total states run:     3
[root@slave1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since 一 2018-11-19 01:13:42 CST; 10s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 11014 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 10820 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
 Main PID: 10820 (code=exited, status=0/SUCCESS)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffi
```
