## saltstack 学习记录


配置文件


$ cat /etc/salt/master.d/10-master.conf
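# Process and logging settings for the Salt master.
# The master runs as root; a dedicated service user would shrink the
# blast radius of a master compromise.
user: root
# Loopback only: minions on other hosts cannot reach this master unless
# the interface is changed or traffic is forwarded to it.
interface: 127.0.0.1
# Canonical lowercase boolean; `False` relied on YAML 1.1 truthy parsing.
ipv6: false
worker_threads: 10
# sha256 for fileserver hashes (older releases defaulted to md5).
hash_type: sha256
# The log file is more verbose than the console log.
log_level_logfile: debug
log_level: info
# NOTE(review): 30-file.conf declares only a `dev` environment; the mongo
# master_tops in 40-mongo.conf presumably supplies the top data — confirm.
default_top: base
cli_summary: false
# Show only what changed in state runs.
state_output: changes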
$ cat /etc/salt/master.d/20-git.off
# gitfs backend for the master fileserver. This file is named
# `20-git.off`, so the master (which includes master.d/*.conf) does not
# load it; everything below is currently inactive.
# NOTE(review): listing only `git` leaves out the default `roots` backend,
# so the `file_roots` in 30-file.conf would stop being served if this file
# were renamed to `.conf` — add `- roots` as well in that case.
fileserver_backend:
  - git



# NOTE(review): the remote embeds username:password in the URL (the host
# was mangled on this page). Prefer gitfs_user / gitfs_password or an SSH
# key so the credential is not part of the URL.
#gitfs_remotes:
#  - http://salt-master:[email protected]:80/saltstack/state.git
$ cat /etc/salt/master.d/30-file.conf
# Local state tree served by the default `roots` fileserver backend.
# NOTE(review): only `dev` is declared although 10-master.conf sets
# `default_top: base`; the mongo master_tops in 40-mongo.conf presumably
# targets `dev` explicitly — confirm.
file_roots:
  dev:
    - /home/jony/salt_gitlab

$ cat /etc/salt/master.d/40-mongo.conf
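# Connection settings shared by the mongo master_tops and ext_pillar modules.
mongo.db: vortex
mongo.host: 127.0.0.1
mongo.user: mongodb_salt
# Quoted: an unquoted all-digit value is parsed as an integer (and a
# leading zero would be read as octal), so it would not be passed as the
# string the driver expects. This is a secret in a plain-text file: keep
# the file readable by the master user only, and replace this placeholder.
mongo.password: "123456"
mongo.indexes: true

# Top data (which minion runs which states) comes from `salt_top`,
# pillar data from `salt_pillar`; both are looked up by minion id.
master_tops:
  mongo:
    id_field: minion_id
    collection: salt_top
ext_pillar:
  - mongo:
      id_field: minion_id
      collection: salt_pillar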


### saltstack 用法


> 如果刷新不出数据,或者出现一些莫名其妙的问题,可以killall -9 杀掉重启试试

$ salt '*' saltutil.pillar_refresh #刷新pillar数据
$ salt '*' pillar.items #获取pillar数据
$ salt '*' pillar.data #获取pillar数据
$ salt 'ubuntu' pillar.items application:mysql-databases:grants:from 
ubuntu:
    ----------
    application:mysql-databases:grants:from:
        %
$ salt '*' grains.items #获取grains 数据
$ salt '*' grains.ls
$ salt 'ubuntu' grains.item ip_interfaces:eth0
ubuntu:
    ----------
    ip_interfaces:eth0:
        - 192.168.100.130
        - fe80::20c:29ff:fea9:c4f4
$ salt 'ubuntu' sys.doc #获取帮助信息

## mongodb 部署

#### 目录结构

$ tree subsystem/mongo
mongo
├── client
│   ├── init.sls
│   └── mongo-client-install.sls
├── init.sls
└── server
    ├── init.sls
    ├── mongo-3.4.pub
    ├── mongodb-install.sls
    ├── mongodb-reconfigure.sls
    └── mongod_conf.jinja

#### sls文件编写

$ cat init.sls 
# Entry point of subsystem.mongo: pull in the server and client
# sub-states; each one decides from pillar whether it has anything to do.
include:
  - .server
  - .client

$ cat server/init.sls #初始化模板,这样写易于扩展
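{#- Dispatch on pillar:subsystem:mongo-server:status.
    'pre-install' runs the full install; 'installed' only re-renders the
    config (with authorization enabled) and restarts mongod on change.
    Any other value, or a missing key, renders an empty state file instead
    of raising a KeyError. The original was missing the closing endif. #}
{%- set subsystem = pillar.get('subsystem', {}) %}
{%- set status = subsystem.get('mongo-server', {}).get('status') %}
{% if status == 'installed' %}
include:
  - .mongodb-reconfigure
{% elif status == 'pre-install' %}
include:
  - .mongodb-install
{% endif %}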

$ cat server/mongodb-install.sls  #安装sls文件
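{#- Fresh install of mongodb-org 3.4 from the Aliyun mirror. Runs only
    while pillar status is 'pre-install' (see init.sls): in that state
    mongod_conf.jinja leaves security.authorization off so the admin user
    can be created below, and its default bindIp keeps the unauthenticated
    server on loopback. #}
{% set config = pillar['subsystem']['mongo-server'] %}
subsystem.mongo.server.deploy:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path fixed: the key is stored next to this file under
    # subsystem/mongo/server/ (see the directory tree), not subsystem/mongodb/.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    # Once the key is present this state is skipped, so later edits to the
    # repo `name` above are not applied to the minion.
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org
    # NOTE(review): skip_verify turns off apt signature verification even
    # though the signing key is imported above; drop it so packages from
    # the plain-http mirror are checked.
    - skip_verify: True
    - skip_suggestions: True
  file.directory:
    - name: /data/mongodata
    - user: mongodb
    - group: mongodb
    - makedirs: True
subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    # Template context: `config` is nested under `defaults` (two spaces
    # deeper) so YAML reads it as its value rather than as a sibling key
    # that only reaches the template as a stray keyword argument.
    - defaults:
        config: {{ config | json() }}
  service.running:
    - name: mongod
    - enable: True
    # `restart` is not a documented service.running argument; the watch
    # below is what restarts mongod on a config change — presumably
    # ignored, confirm.
    - restart: True
    - watch:
      - file: /etc/mongod.conf
subsystem.mongo.server.root:
  cmd.run:
    - cwd: /root
    # The createUser call is fed on stdin instead of being part of the
    # command, so install_password is not in the state name (and thus not
    # in `ps`, the state output or the job cache). Relies on the localhost
    # exception, since authorization is not yet enabled at this point.
    - name: mongo admin
    - stdin: |
        db.createUser({user:'mongodbadmin', pwd:'{{ config['install_password'] }}', roles:['root']})
    - unless: echo 'show users' | mongo admin | grep -qE '.*_id.*admin.mongodbadmin'
    - require:
      - service: mongod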

$ cat server/mongod_conf.jinja  #配置文件jinja模板
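{# Rendered by file.managed with `config` = pillar:subsystem:mongo-server. #}
storage:
  dbPath: /data/mongodata
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodata/mongod.log
net:
  port: {{ config['listen-port'] if 'listen-port' in config else '27017' }}
  # Loopback unless pillar says otherwise, so an instance that has not yet
  # reached 'installed' (no authorization) is not reachable remotely.
  bindIp: {{ config['listen-ip'] if 'listen-ip' in config else '127.0.0.1' }}
{# Access control is switched on only after the install phase has created
   the admin user (mongodb-install.sls). Indentation normalised to two
   spaces. #}
{% if 'status' in config and config['status'] == 'installed' %}
security:
  authorization: enabled
{% endif %}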

$ cat server/mongo-3.4.pub  #apt安装所需要的mongo公钥
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)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=F42J
-----END PGP PUBLIC KEY BLOCK-----

$ cat server/mongodb-reconfigure.sls #如果配置文件有变,就重启
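{#- Applied while status is 'installed': re-render mongod.conf (now with
    security.authorization enabled, see mongod_conf.jinja) and restart
    mongod through the watch whenever the file changes. #}
subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    # Template context: `config` is nested under `defaults` (two spaces
    # deeper) so YAML reads it as its value rather than as a sibling key
    # that only reaches the template as a stray keyword argument.
    - defaults:
        config: {{ pillar['subsystem']['mongo-server'] | json() }}
  service.running:
    - name: mongod
    - enable: True
    # `restart` is not a documented service.running argument; the watch
    # below is what restarts mongod on a config change — presumably
    # ignored, confirm.
    - restart: True
    - watch:
      - file: /etc/mongod.conf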
$ cat client/init.sls #client客户端安装,易于扩展
{#- Client-side dispatch: install the mongo shell only while
    pillar:subsystem:mongo-client:status is 'pre-install'.
    NOTE(review): application/mongo/init.sls gates on the key
    'mongodb-client' instead of 'mongo-client'; one of the two is
    presumably a typo — confirm against the pillar. #}
{% if 'mongo-client' in pillar['subsystem'] and pillar['subsystem']['mongo-client']['status']  == 'pre-install' %}
include:
  - .mongo-client-install
{% endif %}

$ cat client/mongo-client-install.sls  #客户端安装
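{#- Installs only the mongo shell (mongodb-org-shell) from the same 3.4
    repository the server state uses. #}
Add apt-repo of mongodb-org on {{ grains['id'] }}:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path fixed: the key is stored at subsystem/mongo/server/mongo-3.4.pub
    # (see the directory tree); there is no subsystem/mongodb/ directory.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    # Once the key is present this state is skipped, so later edits to the
    # repo `name` above are not applied to the minion.
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org-shell
    # NOTE(review): skip_verify turns off apt signature verification even
    # though the signing key is imported above; drop it so packages from
    # the plain-http mirror are checked.
    - skip_verify: True
    - skip_suggestions: True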

## mongodb增删创建库与用户
#### 目录结构
$ tree application/mongo
mongo
├── init.sls
├── mongo_create.sh
├── mongo_drop.sh
├── mongo_user_create.sh
└── mongo_user_drop.sh

#### sls 文件编写
$ cat mongo/init.sls 
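{#- Per-database / per-user management on a minion that has the mongo
    client. Iterates pillar:application:mongodb-instances (each with
    adminuser/adminpasswd, optional ip/port and a `dbs` list); `delete:
    true` on a db or user turns its state into a drop. Each state runs a
    stateful script from this directory with the values below as its
    template context.
    NOTE(review): the status check reads the pillar key 'mongodb-client',
    while subsystem/mongo/client/init.sls checks 'mongo-client' — one of
    the two is presumably a typo; confirm against the pillar.
    Passwords are rendered through json() so a value containing `: `,
    ` #` or quotes still parses as one YAML string. #}
{%- set subsystem = pillar.get('subsystem', {}) %}
{% if subsystem.get('mongodb-client', {}).get('status') == 'installed' %}
{% for mongo in pillar['application']['mongodb-instances'] %}
{#- Connection details shared by every script of this instance. #}
{%- set host = mongo['ip'] if 'ip' in mongo else '127.0.0.1' %}
{%- set port = mongo['port'] if 'port' in mongo else '27017' %}
{% for db in mongo['dbs'] %}
{% if 'delete' in db and db['delete'] %}
Drop mongo database {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    # `defaults` (plural) is the documented template-context argument; its
    # keys are nested under it instead of sitting at the same indent.
    - defaults:
        dbname: {{ db['dbname'] }}
        adminuser: {{ mongo['adminuser'] }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ host }}
        port: {{ port }}
{% else %}
Create mongo database  {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        dbname: {{ db['dbname'] }}
        adminuser: {{ mongo['adminuser'] }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ host }}
        port: {{ port }}
{% if 'users' in db %}
{% for user in db['users'] %}
{% if 'delete' in user and user['delete'] %}
Drop user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        username: {{ user['username'] }}
        adminuser: {{ mongo['adminuser'] }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ host }}
        port: {{ port }}
        dbname: {{ db['dbname'] }}
{% else %}
Create user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        username: {{ user['username'] }}
        mongo_password: {{ user['password'] | json() }}
        # Parenthesised so json() applies to whichever branch is taken;
        # the scripts receive a list of role names either way.
        privileges: {{ (user['privileges'] if 'privileges' in user else ['read']) | json() }}
        adminuser: {{ mongo['adminuser'] }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ host }}
        port: {{ port }}
        dbname: {{ db['dbname'] }}
{% endif %}{# delete in user #}
{% endfor %}{# user in db['users'] #}
{% endif %}{# 'users' in db #}
{% endif %}{# delete in db #}
{% endfor %}{# db in mongo['dbs'] #}
{% endfor %}{# mongo instance #}
{% endif %}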


#### 创建db脚本

$ cat mongo/mongo_create.sh 
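#!/usr/bin/env bash
#_author=jony
# Jinja-rendered by cmd.script (stateful: True): the last line printed must
# be `changed=... comment='...'` (plus `test=True` in test mode). Template
# variables: host, port, adminuser, adminpasswd, dbname. Rendering is plain
# substitution into shell and JS, so pillar values are trusted as-is.
# NOTE(review): -p puts adminpasswd on the command line, visible in `ps`
# for the duration of each mongo call.
set -u

mongo_admin() {
    # Authenticated shell against the admin db; extra arguments are appended.
    mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "$@"
}

# Does the db exist? `show dbs` prints `<name> <size>` per line; the
# unquoted echo flattens that to one line, so match a whole name token
# rather than a bare substring (`app` no longer matches `app2`).
info=$(echo 'show dbs' | mongo_admin)
if echo ${info} | grep -qE "(^| ){{ dbname }} "; then
    echo "changed=false comment='db {{ dbname }} is already present'"
    exit 0
elif [[ "${1:-}" == "test" ]]; then
    # Reached only when the db is absent, so report what a real run would do.
    echo "changed=false comment='db {{ dbname }} would be created' test=True"
    exit 0
fi

# Create the db: mongo allocates it on the first write, hence the marker doc.
info=$(mongo_admin "{{ dbname }}" --eval "db.iteminfo.insert({dbinfo:'mongo for game'})")
if echo "${info}" | grep -qE "nInserted"; then
    echo "changed=true comment='Create mongodb {{ dbname }} on {{ host }} Success!'"
    exit 0
else
    # The closing single quote was missing here, which leaves the
    # stateful key=value line unparseable.
    echo "changed=false comment='Create mongodb {{ dbname }} on {{ host }} Failed!'"
    exit 1
fi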

#### 删除db脚本

$ cat mongo/mongo_drop.sh 
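#!/usr/bin/env bash
#_author=jony
# Jinja-rendered by cmd.script (stateful: True); see mongo_create.sh for
# the output contract and the template variables (host, port, adminuser,
# adminpasswd, dbname).
# NOTE(review): -p puts adminpasswd on the command line, visible in `ps`.
set -u

mongo_admin() {
    # Authenticated shell against the admin db; extra arguments are appended.
    mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "$@"
}

# Does the db exist? Whole-token match on the flattened `show dbs` output.
info=$(echo 'show dbs;' | mongo_admin)
if ! echo ${info} | grep -qE "(^| ){{ dbname }} "; then
    echo "changed=false comment='db {{ dbname }} is absent'"
    exit 0
elif [[ "${1:-}" == "test" ]]; then
    # Reached only when the db exists, so report what a real run would do.
    echo "changed=false comment='db {{ dbname }} would be dropped' test=True"
    exit 0
fi

# Drop the db (the original comment said "create" here).
info=$(mongo_admin "{{ dbname }}" --eval "db.dropDatabase()")
if echo "${info}" | grep -qE ".*dropped.*ok.*1"; then
    echo "changed=true comment='Drop mongodb {{ dbname }} on {{ host }}  Success!'"
    exit 0
else
    echo "changed=false comment='Drop mongodb {{ dbname }} on {{ host }} Failed!'"
    exit 1
fi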


#### 创建用户并授权

$ cat mongo/mongo_user_create.sh 
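#!/usr/bin/env bash
#_author=jony
# Jinja-rendered by cmd.script (stateful: True). Template variables: host,
# port, adminuser, adminpasswd, dbname, username, mongo_password and
# privileges (a list of role names, e.g. ['read']). The last line printed
# must be `changed=... comment='...'`.
# NOTE(review): -p puts adminpasswd on the command line (visible in `ps`)
# and mongo_password is rendered into the JS below; pillar is trusted.
set -u

mongo_db() {
    # Authenticated shell against the target db; extra arguments are appended.
    mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" "$@"
}

# Desired roles, rendered once from the list: a JS array literal for
# createUser/updateUser and a separator-free string for comparison. The
# original passed the whole Python list repr as a single role string.
roles_js='["{{ privileges | join('","') }}"]'
roles_flat='{{ privileges | join("") }}'

msg=$(mongo_db --eval "db.getUsers()")
_action=0
# Does the user exist?
if echo ${msg} | grep -qE '.*_id" : "{{ dbname }}.{{ username }}"'; then
    # Compare the roles currently granted with the desired list.
    # NOTE(review): both sides are order-dependent concatenations, so a
    # reordered pillar list re-runs updateUser on every apply.
    _priv=$(mongo_db --eval "db.getUser('{{ username }}')" | awk -F':' '/"role"/{print $2}' | tr -d '\n ",')
    if [[ "${_priv}" == "${roles_flat}" ]]; then
        echo "changed=false comment='{{ dbname }}.{{ username }} with roles is already present '"
        exit 0
    else
        _action=1
    fi
elif [[ "${1:-}" == "test" ]]; then
    # Reached only when the user is absent, so report what a real run would do.
    echo "changed=false comment='{{ dbname }}.{{ username }} would be created' test=True"
    exit 0
fi

if [ ${_action} -eq 0 ]; then
    # Create the user with the desired roles.
    msg=$(mongo_db --eval 'db.createUser({user:"{{ username }}",pwd:"{{ mongo_password }}",roles:'"${roles_js}"'})')
    if echo "${msg}" | grep -qE "Successfully added"; then
        echo "changed=true comment='Create {{ dbname }}.{{ username }} Success!'"
        exit 0
    else
        # Closing single quote was missing here.
        echo "changed=false comment='Create {{ dbname }}.{{ username }} Failed!'"
        exit 1
    fi
else
    # Replace the role set; the shell's exit status decides success.
    if msg=$(mongo_db --eval 'db.updateUser("{{ username }}",{roles:'"${roles_js}"'})'); then
        # Detail kept inside the quoted comment so the stateful parser
        # still sees a single key=value pair (the original appended
        # unquoted words after the comment).
        echo "changed=true comment='Change privileges Success! ${_priv} -> ${roles_flat}'"
        exit 0
    else
        echo "changed=false comment='Change privileges Failed!'"
        exit 1
    fi
fi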

#### 删除用户

$ cat mongo/mongo_user_drop.sh 
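#!/usr/bin/env bash
#_author=jony
# Jinja-rendered by cmd.script (stateful: True). Template variables: host,
# port, adminuser, adminpasswd, dbname, username. The last line printed
# must be `changed=... comment='...'`.
# NOTE(review): -p puts adminpasswd on the command line, visible in `ps`.
set -u

mongo_db() {
    # Authenticated shell against the target db; extra arguments are appended.
    mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" "$@"
}

# Does the user exist? Same `"_id" : "db.user"` match as mongo_user_create.sh.
# (The original reported "already present" for both the absent and the
# test branch.)
info=$(mongo_db --eval "db.getUsers()")
if ! echo "${info}" | grep -qE '_id" : "{{ dbname }}.{{ username }}"'; then
    echo "changed=false comment='{{ dbname }}.{{ username }} is absent'"
    exit 0
elif [[ "${1:-}" == "test" ]]; then
    echo "changed=false comment='{{ dbname }}.{{ username }} would be dropped' test=True"
    exit 0
fi

# Drop the user; dropUser() prints `true` on success.
info=$(mongo_db --eval "db.dropUser('{{ username }}')")
if echo "${info}" | grep -qE "true"; then
    echo "changed=true comment='Drop {{ dbname }}.{{ username }} Success!'"
    exit 0
else
    # Closing single quote was missing here.
    echo "changed=false comment='Drop {{ dbname }}.{{ username }} Failed!'"
    exit 1
fi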