## saltstack 学习记录
配置文件
$ cat /etc/salt/master.d/10-master.conf
# /etc/salt/master.d/10-master.conf -- core master settings for this single-host lab.
# Runs the master as root (the default; file_roots and the pki dir are root-owned).
user: root
# NOTE(review): bound to loopback only, so no remote minion can reach this master --
# fine for a one-box lab, must be a real address (or 0.0.0.0) for anything else.
interface: 127.0.0.1
ipv6: False
worker_threads: 10
hash_type: sha256
# NOTE(review): debug file logging is very verbose and may record job data; on this
# setup that can include cmd.run state names that carry passwords (see the mongo
# states below). Lower it once the setup works.
log_level_logfile: debug
log_level: info
default_top: base
cli_summary: false
state_output: changes
$ cat /etc/salt/master.d/20-git.off
# /etc/salt/master.d/20-git.off -- disabled (".off" suffix) gitfs backend.
fileserver_backend:
  - git
# NOTE(review): the (commented-out) remote below carries a username:password in
# the URL; the host part is garbled in this copy. If it is ever re-enabled, a
# basic-auth URL ends up in the master log and in the clone's remote config --
# prefer a read-only deploy key over SSH, or the gitfs per-remote user/password
# options if the pygit2 provider is in use, instead of credentials in the URL.
#gitfs_remotes:
#  - http://salt-master:[email protected]:80/saltstack/state.git
$ cat /etc/salt/master.d/30-file.conf
# /etc/salt/master.d/30-file.conf -- local state tree.
# NOTE(review): only a "dev" environment is defined while 10-master.conf sets
# default_top: base; confirm minions target saltenv=dev or add a base entry.
file_roots:
  dev:
    - /home/jony/salt_gitlab
cat /etc/salt/master.d/40-mongo.conf
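# /etc/salt/master.d/40-mongo.conf -- MongoDB as the source of master_tops and
# external pillar (collections salt_top / salt_pillar, keyed by minion_id).
mongo.db: vortex
mongo.host: 127.0.0.1
mongo.user: mongodb_salt
# Quoted on purpose: an unquoted all-digit value is loaded as an int, and the
# mongo client expects the password as a str.
# NOTE(review): this is a weak credential committed in clear; rotate it and keep
# this file root-only readable (it is read by the master, nobody else needs it).
mongo.password: '123456'
mongo.indexes: true

master_tops:
  mongo:
    id_field: minion_id
    collection: salt_top

ext_pillar:
  - mongo:
      id_field: minion_id
      collection: salt_pillar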
### saltstack 用法
> 如果刷新不出数据,或者出现一些莫名其妙的问题,可以killall -9 杀掉重启试试
$ salt '*' saltutil.pillar_refresh   # 刷新pillar数据
$ salt '*' pillar.items              # 获取pillar数据
$ salt '*' pillar.data               # 获取pillar数据
$ salt 'ubuntu' pillar.items application:mysql-databases:grants:from
ubuntu:
    ----------
    application:mysql-databases:grants:from:
        %
$ salt '*' grains.items              # 获取grains 数据
$ salt '*' grains.ls
$ salt 'ubuntu' grains.item ip_interfaces:eth0
ubuntu:
    ----------
    ip_interfaces:eth0:
        - 192.168.100.130
        - fe80::20c:29ff:fea9:c4f4
$ salt 'ubuntu' sys.doc #获取帮助信息
## mongodb 部署
#### 目录结构
$ tree subsystem/mongo
mongo
├── client
│   ├── init.sls
│   └── mongo-client-install.sls
├── init.sls
└── server
    ├── init.sls
    ├── mongo-3.4.pub
    ├── mongodb-install.sls
    ├── mongodb-reconfigure.sls
    └── mongod_conf.jinja
#### sls文件编写
$ cat init.sls
{# subsystem/mongo: pull in both roles; server/init.sls and client/init.sls each
   decide from pillar whether they actually do anything on this minion. #}
include:
  - .server
  - .client
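$ cat server/init.sls #初始化模板,这样写易于扩展
{# subsystem/mongo/server: choose the install or the reconfigure path from pillar
   subsystem:mongo-server:status. A missing subsystem/mongo-server/status key now
   means "nothing to do" instead of a KeyError while rendering.
   The listing as shown ended without a closing endif, which Jinja rejects
   (compare client/init.sls); it is added here. #}
{% set server = pillar.get('subsystem', {}).get('mongo-server', {}) %}
{% if server.get('status') == 'installed' %}
include:
  - .mongodb-reconfigure
{% elif server.get('status') == 'pre-install' %}
include:
  - .mongodb-install
{% endif %}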
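$ cat server/mongodb-install.sls #安装sls文件
{# Fresh-install path (pillar status 'pre-install'): apt repo + package, data dir,
   config, service, then the first root user. mongod_conf.jinja leaves
   security.authorization off while status is 'pre-install', which is what lets the
   unauthenticated createUser at the bottom work; flip status to 'installed' and
   apply mongodb-reconfigure.sls right after, or the server stays open. #}
{% set config = pillar['subsystem']['mongo-server'] %}

subsystem.mongo.server.deploy:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path fixed: the tree above keeps the key at subsystem/mongo/server/mongo-3.4.pub
    # and shows no subsystem/mongodb directory, so the old URL would not resolve on
    # the fileserver and no repo key would ever be installed.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org
    # skip_verify dropped: the mirror is plain HTTP, so apt's signature check against
    # the key installed above is the only integrity guarantee for the package.
    - skip_suggestions: True
  file.directory:
    - name: /data/mongodata
    - user: mongodb
    - group: mongodb
    - makedirs: True

subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    - defaults:
        config: {{ config | json() }}
  service.running:
    - name: mongod
    - enable: True
    - restart: True
    - watch:
      - file: /etc/mongod.conf

subsystem.mongo.server.root:
  cmd.run:
    - cwd: /root
    - name: mongo admin --eval "db.createUser({user:'mongodbadmin', pwd:'{{ config['install_password'] }}', roles:['root']})"
    - unless: echo 'show users' | mongo admin | grep -qE '.*_id.*admin.mongodbadmin'
    # Keeps the command line -- and the password embedded in it -- out of the
    # minion log. NOTE(review): it is still this state's `name`, so it shows up in
    # state output and the master job cache, and a quote in install_password breaks
    # the JS string; moving it into a cmd.script with the password in `defaults`
    # (json-quoted) would close both gaps.
    - output_loglevel: quiet
    - require:
      - service: mongod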
$ cat server/mongod_conf.jinja #配置文件jinja模板
{# /etc/mongod.conf, rendered with `config` = pillar subsystem:mongo-server. #}
storage:
  dbPath: /data/mongodata
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodata/mongod.log
net:
  port: {{ config['listen-port'] if 'listen-port' in config else '27017' }}
  {# Loopback unless the pillar says otherwise -- keep it that way until auth is on. #}
  bindIp: {{ config['listen-ip'] if 'listen-ip' in config else '127.0.0.1' }}
{# Authorization is switched on only once status becomes 'installed'; while it is
   'pre-install' mongod runs without auth so mongodb-install.sls can create the
   first admin user. NOTE(review): a non-loopback listen-ip during that window
   exposes an unauthenticated server. #}
{% if 'status' in config and config['status'] == 'installed' %}
security:
  authorization: enabled
{% endif %}
$ cat server/mongo-3.4.pub #apt安装所需要的mongo公钥 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux) mQINBFaUNhsBEACkTlpL9xCrlirl77tahFzzd9ccTc5wP+M3oob18GIaMYKicjbR h6J6ytCiXCkl65zYKvQdLkt8qlkBVc5DxGeJvD41IY3NzGPz+BZ9pFFBndAE+JEP ng0ULLxzUDmWXIoukdHqf92BSizTFd2A8v+YGuwOkNBdPi/BHkwiViAaAKDZm/4k 9LZeOF0v7gZF89QD75NrSCKo5SGFRb8Cxi4KR4cS/jPuQVjd+B9fWkc74BUWE91t 3R87Uypd+1qnmoN6cOssLZ4s8n/cyOCkVphGmk1tDDhbEsI4knOqtPXaBHiC4lVI ghpTHEDUuDfbQ7scySae8/YItTC/vVGngiJmZSfZU5AvVspe6rfkHQHqZs3gYMqj XPl7acviEAZ7OiMp9diq6Kgp+xLRvRGL+jtUjLkP5O4gJlnxCm7YWrYfYA/vHULD MyIGSBzuESGxL+Ygz+Dc0Aim9NPM5KhpV5FoAXNt50cn6n1adIwbUciRY0zBXKAI Vj6D+j3e0ozsO+GGEpmQFAIo1h7CEn8VV61WaLz2F60LKR8d/DEMZ7SY8uznbzkm TJCeCp/pTnPeGwkyJmJ78LAaKw2tSCeEAfRlnzPeQeanOnEX/wnAjHHAHewvGgQe GW1QkEdy8zNmfODDf9wqknBShaFRHAOAQFEgBAkYHuT4SgHqW8TVDtF3CQARAQAB tDdNb25nb0RCIDMuNCBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u Z29kYi5jb20+iQI+BBMBAgAoBQJWlDYbAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsE FgIDAQIeAQIXgAAKCRC8cR+boVcDxmtEEACSjnZcwcozGYS/8peH2P8yPxD2mXVQ AJ8Pss+YBo8hpRaiA7BEY+FFthbSYEX8XRR/Bg9HjDk9CNXc221I0WcTRv3Sb718 QutRd4ppdGtusgTHjUdYNDzctExU90vtJRvwI2oiz2YA8dM7mtTzUFpR4IQGopB4 PmjEls6hkebTjjSaO9UmcLyip+S+rTZ9c8UQvBH7rNoe4QacmGi/l/uUo/q4J7nE jtjpsemUK7LWY7YtB21F/hH3OrQkgQAoVv2q2xSaiLJeWsr33jgd4o4/d3QN1t/P GkNIOEBdO/hM8uOj+hGD+tDphHzd9jGjALqV6lC2k9zNXyAFnTUwp0NL74hODv6z daihKu4fTRU7S0eYSGc2sQDPiiQF5YkxAHqADnPmR2ZpBVVtbUNB31BDOYjTzRwq tkLKRCgI29Kgut0Uhvq+/Hx+0485ndgzcqeaLhslUagZy1bXN3sDW4QYN2tPvP+P 2JDtGydsYGZCWA0FBRFdsSbruBSK/BkEpGhq97bE9vclfVchb989A47lgErusw5C xtLxUGPmVc2dYmHJLUkgHszdcTLHwy8/arYMehG7RVzAEG55AueLsc9B0vSI0E6r lvalHgoCttCynEzM4Ol1rcG9XtlCyKk4AeimYLE/cxlckDoIVVwrFXrRrhB41Asw rP4l4xtk+nWHpg== =F42J -----END PGP PUBLIC KEY BLOCK-----
$ cat server/mongodb-reconfigure.sls #如果配置文件有变,就重启
{# Reconfigure path (pillar status 'installed'): re-render /etc/mongod.conf -- which
   from this status on includes security.authorization (see mongod_conf.jinja) --
   and bounce mongod when the file changed. This duplicates the
   subsystem.mongo.server.config state in mongodb-install.sls; keep the two in sync. #}
subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    - defaults:
        config: {{ pillar['subsystem']['mongo-server'] | json() }}
  service.running:
    - name: mongod
    - enable: True
    - restart: True
    - watch:
      - file: /etc/mongod.conf
$ cat client/init.sls #client客户端安装,易于扩展
{# subsystem/mongo/client: install the mongo shell only while the pillar status is
   'pre-install'. NOTE(review): this reads pillar key 'mongo-client', whereas
   application/mongo/init.sls gates on 'mongodb-client' -- one of the two spellings
   is presumably a typo; confirm which key the pillar actually carries. #}
{% if 'mongo-client' in pillar['subsystem'] and pillar['subsystem']['mongo-client']['status'] == 'pre-install' %}
include:
  - .mongo-client-install
{% endif %}
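$ cat client/mongo-client-install.sls #客户端安装
{# Client-only install: the mongodb-org apt repo plus the shell package. #}
Add apt-repo of mongodb-org on {{ grains['id'] }}:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path fixed: the tree above keeps the key at subsystem/mongo/server/mongo-3.4.pub
    # and shows no subsystem/mongodb directory, so the old URL would not resolve on
    # the fileserver and no repo key would ever be installed.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org-shell
    # skip_verify dropped: the mirror is plain HTTP, so apt's signature check against
    # the key installed above is the only integrity guarantee for the package.
    - skip_suggestions: True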
## mongodb增删创建库与用户
#### 目录结构
$ tree application/mongo
mongo
├── init.sls
├── mongo_create.sh
├── mongo_drop.sh
├── mongo_user_create.sh
└── mongo_user_drop.sh
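#### sls 文件编写
$ cat mongo/init.sls
{# application/mongo: declaratively create/drop databases and users on every mongod
   instance listed under pillar application:mongodb-instances. Only rendered when the
   mongo shell is installed on this minion (pillar subsystem:mongodb-client).
   NOTE(review): subsystem/mongo/client/init.sls keys off 'mongo-client' while this
   file checks 'mongodb-client' -- one of the two spellings is presumably wrong.
   NOTE(review): adminpasswd is handed to each script through `defaults`, so it is
   rendered in clear into the minion's script cache and into state output; scope
   the pillar that carries it tightly. #}
{% if 'mongodb-client' in pillar['subsystem'] and pillar['subsystem']['mongodb-client']['status'] == 'installed' %}
{% for mongo in pillar['application']['mongodb-instances'] %}
{# Connection details shared by every script run against this instance. #}
{% set host = mongo['ip'] if 'ip' in mongo else '127.0.0.1' %}
{% set port = mongo['port'] if 'port' in mongo else '27017' %}
{% for db in mongo['dbs'] %}
{% if 'delete' in db and db['delete'] %}
Drop mongo database {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    # `defaults` (was `default`) is the cmd.script keyword that feeds the template --
    # the same one file.managed uses in the server states; confirm on your Salt
    # version that the old spelling was not silently accepted. Values go through the
    # json filter so they arrive as quoted YAML scalars whatever characters they hold.
    - defaults:
        dbname: {{ db['dbname'] | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
{% else %}
Create mongo database {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        dbname: {{ db['dbname'] | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
{% if 'users' in db %}
{% for user in db['users'] %}
{% if 'delete' in user and user['delete'] %}
Drop user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        username: {{ user['username'] | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
        dbname: {{ db['dbname'] | json }}
{% else %}
Create user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        username: {{ user['username'] | json }}
        mongo_password: {{ user['password'] | json }}
        # Parenthesised: without the parentheses `| json` bound only to the
        # ['read'] fallback and a pillar-supplied list was emitted as a Python repr.
        privileges: {{ (user['privileges'] if 'privileges' in user else ['read']) | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
        dbname: {{ db['dbname'] | json }}
{% endif %}{# delete in user #}
{% endfor %}{# user in db['users'] #}
{% endif %}{# 'users' in db #}
{% endif %}{# delete in db #}
{% endfor %}{# db in mongo['dbs'] #}
{% endfor %}{# mongo in mongodb-instances #}
{% endif %}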
#### 创建db脚本
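$ cat mongo/mongo_create.sh
#!/usr/bin/env bash
#_author=jony
# Stateful Salt script: make sure database {{ dbname }} exists on {{ host }}:{{ port }}.
# Template vars (cmd.script defaults): host, port, adminuser, adminpasswd, dbname.
# Every exit prints `changed=<bool> comment='...' [test=True]`, the format
# cmd.script parses when stateful: True.
#
# NOTE(review): the admin password is passed with -p, so it is visible in `ps` /
# /proc/*/cmdline for the duration of each mongo call, and this rendered script
# (password included) sits in the minion's script cache. Scope the pillar tightly.

MONGO=(mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin --quiet)

# Run the JS on stdin against the admin db and return what it print()s. Values are
# inserted with Jinja's json filter so a quote or backslash in dbname cannot break
# the JS; the quoted heredoc delimiter stops bash from expanding anything in it.
mongo_js() {
  "${MONGO[@]}" admin
}

# Exact-name lookup instead of the old unanchored grep over `show dbs`, which also
# matched "foo" against "foobar". A failed connection or login is reported rather
# than being read as "absent".
state=$(mongo_js <<'JS'
try { print(db.getMongo().getDBNames().indexOf({{ dbname | json }}) >= 0 ? '__present__' : '__absent__'); } catch (e) { print('__error__ ' + e); }
JS
) || state='__error__'

if echo "${state}" | grep -q '__present__'; then
  echo "changed=false comment='db {{ dbname }} is already present'"
  exit 0
elif ! echo "${state}" | grep -q '__absent__'; then
  echo "changed=false comment='Could not list databases on {{ host }}'"
  exit 1
fi

# Dry run (test=True): say what would happen, touch nothing. The old message
# claimed the db was "already present" and pasted the whole `show dbs` output
# inside the single-quoted comment, which breaks the stateful line format.
if [ -n "${1-}" ] && [ "${1}" == "test" ]; then
  echo "changed=false comment='db {{ dbname }} would be created' test=True"
  exit 0
fi

# MongoDB has no explicit "create database"; inserting one document materialises it.
result=$(mongo_js <<'JS'
try { var r = db.getSiblingDB({{ dbname | json }}).iteminfo.insert({dbinfo:'mongo for game'}); print(r.nInserted === 1 ? '__created__' : '__failed__ ' + r); } catch (e) { print('__error__ ' + e); }
JS
)
if echo "${result}" | grep -q '__created__'; then
  echo "changed=true comment='Create mongodb {{ dbname }} on {{ host }} Success!'"
  exit 0
fi
# Closing quote was missing from this comment in the original.
echo "changed=false comment='Create mongodb {{ dbname }} on {{ host }} Failed!'"
exit 1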
#### 删除db脚本
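$ cat mongo/mongo_drop.sh
#!/usr/bin/env bash
#_autho=jony
# Stateful Salt script: drop database {{ dbname }} on {{ host }}:{{ port }} if it exists.
# Template vars (cmd.script defaults): host, port, adminuser, adminpasswd, dbname.
# Every exit prints `changed=<bool> comment='...' [test=True]`, the format
# cmd.script parses when stateful: True.
#
# NOTE(review): the admin password is passed with -p, so it is visible in `ps` /
# /proc/*/cmdline for the duration of each mongo call, and this rendered script
# (password included) sits in the minion's script cache. Scope the pillar tightly.

MONGO=(mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin --quiet)

# Run the JS on stdin against the admin db and return what it print()s. Values are
# inserted with Jinja's json filter so a quote or backslash in dbname cannot break
# the JS; the quoted heredoc delimiter stops bash from expanding anything in it.
mongo_js() {
  "${MONGO[@]}" admin
}

# Exact-name lookup. The old check ran `grep -v` over the (possibly empty) output of
# `show dbs`, so a failed login looked like "absent" and the state passed silently,
# and "foo" was treated as present whenever "foobar" existed.
state=$(mongo_js <<'JS'
try { print(db.getMongo().getDBNames().indexOf({{ dbname | json }}) >= 0 ? '__present__' : '__absent__'); } catch (e) { print('__error__ ' + e); }
JS
) || state='__error__'

if echo "${state}" | grep -q '__absent__'; then
  echo "changed=false comment='db {{ dbname }} is absent'"
  exit 0
elif ! echo "${state}" | grep -q '__present__'; then
  echo "changed=false comment='Could not list databases on {{ host }}'"
  exit 1
fi

# Dry run (test=True): the db exists, report that it would go, touch nothing.
if [ -n "${1-}" ] && [ "${1}" == "test" ]; then
  echo "changed=false comment='db {{ dbname }} would be dropped' test=True"
  exit 0
fi

# dropDatabase() answers { "dropped" : "<name>", "ok" : 1 } on success.
result=$(mongo_js <<'JS'
try { var r = db.getSiblingDB({{ dbname | json }}).dropDatabase(); print(r.ok === 1 ? '__dropped__' : '__failed__ ' + tojson(r)); } catch (e) { print('__error__ ' + e); }
JS
)
if echo "${result}" | grep -q '__dropped__'; then
  echo "changed=true comment='Drop mongodb {{ dbname }} on {{ host }} Success!'"
  exit 0
fi
echo "changed=false comment='Drop mongodb {{ dbname }} on {{ host }} Failed!'"
exit 1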
#### 创建用户并授权
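$ cat mongo/mongo_user_create.sh
#!/usr/bin/env bash
#_author=jony
# Stateful Salt script: ensure user {{ username }} exists on {{ dbname }} with exactly
# the roles listed in `privileges` (a list), creating or re-roling it as needed.
# Template vars (cmd.script defaults): host, port, adminuser, adminpasswd, dbname,
# username, mongo_password, privileges. Every exit prints
# `changed=<bool> comment='...' [test=True]`, the format cmd.script parses when
# stateful: True.
#
# NOTE(review): the admin password is still passed with -p and so is visible in `ps`
# while each mongo call runs; the new user's password, by contrast, goes to the shell
# on stdin and never appears in argv. The rendered script (both passwords in clear)
# sits in the minion's script cache -- scope the pillar that feeds it tightly.

MONGO=(mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin --quiet)

# Run the JS on stdin against {{ dbname }} and return what it print()s. Values are
# inserted with Jinja's json filter so a quote or backslash in a name or password can
# neither break the JS nor smuggle extra statements into it; the quoted heredoc
# delimiter stops bash from expanding anything in the rendered snippet.
mongo_js() {
  "${MONGO[@]}" "{{ dbname }}"
}

# Sorted and comma-joined so the comparison below does not depend on role order.
# The old comparison stripped [], but not quotes, from the Python repr of the list,
# so "'read'" never equalled "read" and every run re-issued updateUser.
wanted_roles="{{ privileges | sort | join(',') }}"

# One round trip: '__absent__', or the user's current roles in the same sorted form.
current=$(mongo_js <<'JS'
try { var u = db.getUser({{ username | json }}); print(u === null ? '__absent__' : '__roles__ ' + u.roles.map(function (r) { return r.role; }).sort().join(',')); } catch (e) { print('__error__ ' + e); }
JS
) || current='__error__'

present=0
current_roles=''
if echo "${current}" | grep -q '^__roles__'; then
  present=1
  current_roles=$(echo "${current}" | sed -n 's/^__roles__ //p')
elif ! echo "${current}" | grep -q '^__absent__'; then
  echo "changed=false comment='Could not query users of {{ dbname }} on {{ host }}'"
  exit 1
fi

if [ "${present}" -eq 1 ] && [ "${current_roles}" == "${wanted_roles}" ]; then
  echo "changed=false comment='{{ dbname }}.{{ username }} with roles is already present '"
  exit 0
fi

# Dry run (test=True) now covers the re-role case too; the original only checked
# test mode before creating and went ahead with updateUser regardless.
if [ -n "${1-}" ] && [ "${1}" == "test" ]; then
  if [ "${present}" -eq 1 ]; then
    echo "changed=false comment='{{ dbname }}.{{ username }} roles would change to ${wanted_roles}' test=True"
  else
    echo "changed=false comment='{{ dbname }}.{{ username }} would be created' test=True"
  fi
  exit 0
fi

if [ "${present}" -eq 0 ]; then
  # roles takes the list directly; the original wrapped the whole list in one
  # quoted string, which mongod rejects.
  result=$(mongo_js <<'JS'
try { db.createUser({user: {{ username | json }}, pwd: {{ mongo_password | json }}, roles: {{ privileges | json }}}); print('__created__'); } catch (e) { print('__error__ ' + e); }
JS
)
  if echo "${result}" | grep -q '__created__'; then
    echo "changed=true comment='Create {{ dbname }}.{{ username }} Success!'"
    exit 0
  fi
  echo "changed=false comment='Create {{ dbname }}.{{ username }} Failed!'"
  exit 1
fi

# Exists with different roles: replace the role set. Success is detected from the
# printed sentinel because the shell's exit status is 0 for stdin scripts even when
# a statement throws.
result=$(mongo_js <<'JS'
try { db.updateUser({{ username | json }}, {roles: {{ privileges | json }}}); print('__updated__'); } catch (e) { print('__error__ ' + e); }
JS
)
if echo "${result}" | grep -q '__updated__'; then
  echo "changed=true comment='Change privileges Success! ${current_roles} -> ${wanted_roles}'"
  exit 0
fi
echo "changed=false comment='Change privileges Failed!'"
exit 1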
#### 删除用户
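$ cat mongo/mongo_user_drop.sh
#!/usr/bin/env bash
#_author=jony
# Stateful Salt script: drop user {{ username }} from {{ dbname }} if it exists.
# Template vars (cmd.script defaults): host, port, adminuser, adminpasswd, dbname,
# username. Every exit prints `changed=<bool> comment='...' [test=True]`, the
# format cmd.script parses when stateful: True.
#
# NOTE(review): the admin password is passed with -p, so it is visible in `ps` /
# /proc/*/cmdline for the duration of each mongo call, and this rendered script
# (password included) sits in the minion's script cache. Scope the pillar tightly.

MONGO=(mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin --quiet)

# Run the JS on stdin against {{ dbname }} and return what it print()s. Values are
# inserted with Jinja's json filter so a quote or backslash in the username cannot
# break the JS; the quoted heredoc delimiter stops bash from expanding anything.
mongo_js() {
  "${MONGO[@]}" "{{ dbname }}"
}

# The old check reported "is already present" for a missing user and could not tell
# a failed login (empty output) from "absent"; both are fixed here.
state=$(mongo_js <<'JS'
try { print(db.getUser({{ username | json }}) === null ? '__absent__' : '__present__'); } catch (e) { print('__error__ ' + e); }
JS
) || state='__error__'

if echo "${state}" | grep -q '__absent__'; then
  echo "changed=false comment='{{ dbname }}.{{ username }} is absent'"
  exit 0
elif ! echo "${state}" | grep -q '__present__'; then
  echo "changed=false comment='Could not query users of {{ dbname }} on {{ host }}'"
  exit 1
fi

# Dry run (test=True): the user exists, report that it would go, touch nothing.
if [ -n "${1-}" ] && [ "${1}" == "test" ]; then
  echo "changed=false comment='{{ dbname }}.{{ username }} would be dropped' test=True"
  exit 0
fi

# dropUser() returns true on success; a thrown error lands in the catch branch.
result=$(mongo_js <<'JS'
try { print(db.dropUser({{ username | json }}) ? '__dropped__' : '__failed__'); } catch (e) { print('__error__ ' + e); }
JS
)
if echo "${result}" | grep -q '__dropped__'; then
  echo "changed=true comment='Drop {{ dbname }}.{{ username }} Success!'"
  exit 0
fi
# Closing quote was missing from this comment in the original.
echo "changed=false comment='Drop {{ dbname }}.{{ username }} Failed!'"
exit 1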