前言
上轮学习了grains、pillar和jinja2语言来扩展文件和模板文件。在highstate里,将学习如何组织主机状态,把多个主机状态配置根据不同规则进行复合,进而对整个服务器集群进行整体管控
- 生产状态中会存在许多主机角色,如果我们像前面部署lamp一台主机一个state.sls文件,那么就会使得维护好管理变得困难繁琐。我们需要通过拆分和复用让状态文件更加模块化。对此,saltstack为我们提供了highstate模块。
用top.sls文件管理状态文件
top.sls也可以用来在状态系统中将不同的状态文件定义到不同的minion中
# mkdir -pv /srv/salt/lamp
# tree /srv/salt/lamp
/salt/lamp/
├── httpd.conf
├── lamp.sls
├── my.cnf
└── php.ini
[root@localhost salt]# cat top.sls
base:
192.168.184.133:
- lamp.lamp ## lamp目录下的lamp.sls文件
- 通过top.sls可以很方便的对多个状态文件和主机进行管理,接下来将学习如何拆分和复用状态文件。
状态文件的拆分和复用
- 安装和管理lamp的模块包含了httpd、PHP、MySQL的安装,并且管理了这些软件的配置文件和服务启动。从复用角度来看把这些配置写在一起是不方便的,所以要把类似lamp.sls这种模块拆分成尽可能小的可复用的单元。
## 先把模块的目录结构化,对应的文件放入对应的目录
mkdir -pv /srv/salt/lamp/{template,file}
[root@localhost lamp]# mv httpd.conf my.cnf php.ini file/
[root@localhost lamp]# mv lamp.sls template/
## 从复用的角度讲,我们可以将lamp模块拆分成httpd模块,PHP模块和MySQL模块。
## mkdir -pv /srv/salt/{httpd,php,mysql}/file
###### httpd
[root@localhost httpd]# tree ./
./
├── file
│ ├── httpd.conf
│ ├── my.cnf
│ └── php.ini
├── httpd_conf.sls
├── httpd_running.sls
├── init.sls
└── install_httpd.sls
[root@localhost httpd]# cat init.sls
include:
- .install_httpd
- .httpd_running
- .httpd_conf
[root@localhost httpd]# cat httpd_running.sls
httpd_running:
service.running:
- name: httpd
- enable: True
- require:
- pkg: install_httpd
- watch:
- file: httdp_conf
[root@localhost httpd]# cat install_httpd.sls
install_httpd:
pkg.installed:
- pkgs:
- httpd
- httpd-devel
[root@localhost httpd]# cat httpd_conf.sls
httdp_conf:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/file/httpd.conf
- user: root
- group: root
- mode: 600
###### PHP
[root@localhost php]# tree ./
./
├── file
│ └── php.ini
├── install_php.sls
├── php_conf.sls
└── php_running.sls
[root@localhost php]# cat init.sls
include:
- .install_php
- .php_running
- .php_conf
[root@localhost php]# cat install_php.sls
install_php:
pkg.installed:
- names:
- php
- php-mysql
- php-common
- php-gd
- php-mbstring
- php-devel
- php-xml
- php-fpm
[root@localhost php]# cat php_conf.sls
php_conf:
file.managed:
- name: /etc/php.ini
- source: salt://php/file/php.ini
- user: root
- group: root
- mode: 600
[root@localhost php]# cat php_running.sls
php_running:
service.running:
- name: php-fpm
- enable: True
- reload: True
- watch:
- file: php_conf
###### MySQL
[root@localhost mysql]# tree ./
./
├── file
│ └── my.cnf
├── init.sls
├── mysql_conf.sls
├── mysql_install.sls
└── mysql_running.sls
[root@localhost mysql]# cat init.sls
include:
- .mysql_install
- .mysql_running
- .mysql_conf
[root@localhost mysql]# cat mysql_install.sls
mysql_install:
pkg.installed:
- pkgs:
- mysql
- mysql-server
- mysql-devel
service.running:
- name: mysqld
- enable: True
- reload: True
- require:
- pkg: install_httpd
- watch:
- file: mysql_conf
[root@localhost mysql]# cat mysql_running.sls
mysql_running:
service.running:
- name: mysqld
- enable: True
- reload: True
- require:
- mysql_install
- watch:
- file: mysql_conf
[root@localhost mysql]# cat mysql_conf.sls
mysql_conf:
file.managed:
- name: /etc/my.cnf
- source: salt://mysql/file/my.cnf
- user: root
- group: root
- mode: 600
###### 修改top.sls文件
[root@localhost salt]# vim top.sls
base:
192.168.184.133:
- match: list
- httpd
- php
- mysql ## 没指定sls文件的话默认读mysql目录下的init.sls
- master端执行
salt 192.168.184.133 state.highstate - 报错:
----------
ID: httpd_conf
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: False
Comment: Source file salt://httpd.conf not found
Started: 20:45:53.330668
Duration: 14.211 ms
Changes:
### 由于salt目录下有上次实验保留下来的httpd.sls,salt读到了这个文件,改名为httpd.sls_bak即可(为什么会识别到这个文件?)
[root@localhost salt]# cat httpd.sls
install_httpd:
pkg.latest:
- name: httpd
httpd_running:
service.running:
- name: httpd
- enable: True
- require:
- pkg: install_httpd
- watch:
- file: httpd_conf
httpd_conf:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd.conf
- user: root
- group: root
- mode: 600
- 拆分和配置top.sls可以灵活地组合各种复用模块,但有时候对最基本模块的要求也会不一样。如果同样是安装Nginx,一些minion是用来做反向代理,一些是web服务器。这时候可以选择扩展原有的Nginx模块或者通过设置不同minion的grains和pillar属性来下发不同的配置文件。(在实战篇会演示)
多环境的配置和管理
top.sls中的base配置项
- base配置项其实是salt配置文件中默认的环境目录。如下代码:
- file_roots这个配置项指明了我们的环境目录在哪里,SALT执行对应的SLS状态文件都会从默认的目录去寻找。
- 在生产环境中我们可以通过配置文件来对不同的环境(生产、测试环境等)配置不同的目录,方便区分和便于管理。如下代码:
- 分别在 file_roots:指定的目录中建立对应的状态配置模块,并在/srv/salt/top.sls中对所有环境的管理做统一入口,如此就可以完成不同环境的管理和隔离。
[root@localhost ~]# vim /etc/salt/master
# Example:
# file_roots:
# base:
# - /srv/salt/
# dev:
# - /srv/salt/dev/services
# - /srv/salt/dev/states
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
#file_roots:
# base:
# - /srv/salt
###### 生产环境配置不同的目录:
file_roots:
base:
- /srv/salt/
dev:
- /srv/salt/dev/
prod:
- /srv/salt/prod/