SaltStack(二)——配置管理
SaltStack——配置管理
- 1. YAML语言
- 2. 用saltstack配置一个apache实例
- 2.1 在master上部署sls配置文件并执行
- 2.2 在minion上检查
- 3. top file
- 3.1 top file简介
- 3.2 高级状态highstate的使用
1. YAML语言
YAML是一种直观的能够被电脑识别的数据序列化格式,是一个可读性高并且容易被人类阅读,容易和脚本语言交互,用来表达资料序列的编程语言。
它类似于标准通用标记语言的子集XML的数据描述语言,语法比XML简单很多。
house:
family:
name: Doe
parents:
- John
- Jane
children:
- Paul
- Mark
- Simone
address:
number: 34
street: Main Street
city: Nowheretown
zipcode: 12345
YAML的基本规则:
- 使用缩进来表示层级关系,每层2个空格,禁止使用TAB键
- 当冒号不是处于最后时,冒号后面必须有一个空格
- 用 - 表示列表,- 的后面必须有一个空格
- 用 # 表示注释
YAML配置文件要放到saltstack让我们放的位置,可以在saltstack的master配置文件中查找file_roots即可看到。
[root@nfs-backup ~]# vim /etc/salt/master
第一步搜索fire_roots,并去掉之前的注释部分
file_roots:
base:
- /srv/salt/
dev:
- /srv/salt/dev/services
- /srv/salt/dev/states
prod:
- /srv/salt/prod/services
- /srv/salt/prod/states
| 在这里有个特别需要我们注意的问题,一定要确保file_roots前面没有空格,而base前两个空格,-前面四个空格,在salt的配置里面空格十分重要,我们必须高度注意,否则及其容易造成实验不成功,之所以对空格敏感主要salt基于Python开发,并采用了yaml的语法.(注意注意注意,不要使用tab键) |
|---|
需要注意:
| base是默认的位置,如果file_roots只有一个,则base是必备的且必须叫base,不能改名 |
|---|
2. 用saltstack配置一个apache实例
2.1 在master上部署sls配置文件并执行
[root@nfs-backup ~]# tree /srv/salt/
/srv/salt/
├── dev
├── prod
└── web
└── apache
4 directories, 0 file
//生成一个状态描述文件apache.sls
[root@nfs-backup ~]# cd /srv/salt/web/apache/
[root@nfs-backup apache]# vim apache.sls
apache-install:
pkg.installed:
- name: httpd
apache-service:
service.running:
- name: httpd
- enable: True
// YAML 配置文件中顶格写的被称作ID,必须全局唯一,不能重复
// SaltStack 读 YAML 配置文件时是从上往下读,所以要把先执行的写在前面
| salt '’ state.sls apache #其中salt为命令不必多说 ‘’代表在所有主机上,state则是模块而sls则是方法(这是由于这个方法所以我们之前所采用的后缀才为sls)而apache则是我们之前编写的状态文件名(不包含后缀),也是给前面传入的参数。所以这条命令就是在所有机器上执行apache这个状态 |
|---|
[root@nfs-backup ~]# salt '192.168.157.33' state.sls web.apache.apache saltenv=base
192.168.157.33:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 14:48:05.167539
Duration: 17437.539 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-89.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-89.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 14:48:23.776847
Duration: 525.61 ms
Changes:
----------
httpd:
True
Summary for 192.168.157.33
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 17.963 s
2.2 在minion上检查
[root@xaii ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2019-06-11 14:48:24 -02; 7min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 6687 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─6687 /usr/sbin/httpd -DFOREGROUND
├─6688 /usr/sbin/httpd -DFOREGROUND
├─6689 /usr/sbin/httpd -DFOREGROUND
├─6690 /usr/sbin/httpd -DFOREGROUND
├─6692 /usr/sbin/httpd -DFOREGROUND
└─6694 /usr/sbin/httpd -DFOREGROUND
6月 11 14:48:23 xaii systemd[1]: Starting The Apache HTTP Server...
6月 11 14:48:24 xaii httpd[6687]: AH00558: httpd: Could not reliably determine the se...age
6月 11 14:48:24 xaii systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
由以上内容可知apache确实已部署成功。
执行状态文件的技巧:
- 先用test.ping测试需要执行状态文件的主机是否能正常通信,然后再执行状态文件
3. top file
3.1 top file简介
直接通过命令执行sls文件时够自动化吗?答案是否定的,因为我们还要告诉某台主机要执行某个任务,自动化应该是我们让它干活时,它自己就知道哪台主机要干什么活,但是直接通过命令执行sls文件并不能达到这个目的,为了解决这个问题,top file应运而生。
top file就是一个入口,top file的文件名可通过在master的配置文件中搜索top.sls找出,且此文件必须要在base环境中,默认情况下此文件必须叫top.sls。
top file的作用就是告诉对应的主机要干什么活,比如让web服务器启动web服务,让数据库服务器安装mysql等。
top file实例:
[root@nfs-backup ~]# cd /srv/salt
[root@nfs-backup salt]# vim apache.sls
base: //要执行状态文件的环境
'192.168.157.33': //要执行状态文件的目标
- web.apache.apache //要执行的状态文件
//停止minion的httpd
[root@xaii ~]# systemctl stop httpd
//使用高级状态来执行
[root@nfs-backup salt]# salt "*" state.highstate
192.168.157.33:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 15:04:24.750504
Duration: 1000.86 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is running
Started: 15:04:25.752162
Duration: 708.155 ms
Changes:
----------
httpd:
True
Summary for 192.168.157.33
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 1.709 s
//查看minion端httpd状态
[root@xaii ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2019-06-11 15:04:26 -02; 28s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 6741 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 6850 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─6850 /usr/sbin/httpd -DFOREGROUND
├─6851 /usr/sbin/httpd -DFOREGROUND
├─6852 /usr/sbin/httpd -DFOREGROUND
├─6854 /usr/sbin/httpd -DFOREGROUND
├─6855 /usr/sbin/httpd -DFOREGROUND
└─6856 /usr/sbin/httpd -DFOREGROUND
6月 11 15:04:25 xaii systemd[1]: Starting The Apache HTTP Server...
6月 11 15:04:26 xaii httpd[6850]: AH00558: httpd: Could not reliably determine the se...age
6月 11 15:04:26 xaii systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
注意:
| top file里面的目标是用 * 表示的,要注意的是,top file里面的 * 表示的是所有要执行状态的目标,而 salt ‘*’ state.highstate 里面的 * 表示通知所有机器干活,而是否要干活则是由top file来指定的 |
|---|
3.2 高级状态highstate的使用
管理saltstack时,一般是最常用的管理操作就是执行高级状态
[root@nfs-backup ~]# salt '*' state.highstate //生产环境禁止这样使用salt命令
注意:
| 上面让所有人执行高级状态,但是实际工作中,一般不会这么用,工作中一般都是通知某台或某些台目标主机来执行高级状态,具体是否执行则是由top file来决定的。若在执行高级状态时,加上参数test=True,则它会告诉我们它将要做什么,但是它不会真的去执行这个操作。 |
|---|
//关闭minion端httpd服务,并在master端执行高级状态测试
[root@nfs-backup ~]# salt '192.168.157.33' state.highstate test=True
192.168.157.33:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 15:21:08.900030
Duration: 526.326 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: None
Comment: Service httpd is set to start
Started: 15:21:09.427151
Duration: 39.393 ms
Changes:
Summary for 192.168.157.33
------------
Succeeded: 2 (unchanged=1)
Failed: 0
------------
Total states run: 2
Total run time: 565.719 ms
//在minion端查看httpd是否被启动
[root@xaii ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 二 2019-06-11 15:20:39 -02; 1min 52s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 6877 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Process: 6850 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 6850 (code=exited, status=0/SUCCESS)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
6月 11 15:04:25 xaii systemd[1]: Starting The Apache HTTP Server...
6月 11 15:04:26 xaii httpd[6850]: AH00558: httpd: Could not reliably determine the server's fu...sage
6月 11 15:04:26 xaii systemd[1]: Started The Apache HTTP Server.
6月 11 15:20:38 xaii systemd[1]: Stopping The Apache HTTP Server...
6月 11 15:20:39 xaii systemd[1]: Stopped The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
//由此可见,添加参数test=True后,高级状态并没有执行。