YAML是一种直观的能够被电脑识别的数据序列化格式,是一个可读性高并且容易被人类阅读,容易和脚本语言交互,用来表达资料序列的编程语言。
它类似于标准通用标记语言的子集XML的数据描述语言,语法比XML简单很多。
YAML的语法和其他高级语言类似,并且可以简单表达清单、散列表,标量等数据形态。它使用空白符号缩进和大量依赖外观的特色,特别适合用来表达或编辑数据结构、各种配置文件、倾印调试内容、文件大纲(例如:许多电子邮件标题格式和YAML非常接近)。
尽管它比较适合用来表达层次结构式(hierarchical model)的数据结构,不过也有精致的语法可以表示关系性(relational model)的数据。由于YAML使用空白字符和分行来分隔数据,使得它特别适合用grep/Python/Perl/Ruby操作。其让人最容易上手的特色是巧妙避开各种封闭符号,如:引号、各种括号等,这些符号在嵌套结构时会变得复杂而难以辨认
基本语法:
数据类型:
YAML 对象:
对象键值对使用冒号结构表示 key: value,冒号后面要加一个空格。
也可以使用 key:{key1: value1, key2: value2, …}。
还可以使用缩进表示层级关系:
key:
child-key: value
child-key2: value2
YAML 数组:
以 - 开头的行表示构成一个数组:
- A
- B
- C
YAML的基本规则:
YAML配置文件要放到SaltStack让我们放的位置,可以在SaltStack的 Master 配置文件中查找file_roots即可看到
[root@master ~]# vim /etc/salt/master
...
file_roots:
base:
- /srv/salt/base
test:
- /srv/salt/test
dev:
- /srv/salt/dev
prod:
- /srv/salt/prod
...
[root@master ~]# mkdir -p /srv/salt/{base,test,dev,prod}
[root@master ~]# systemctl restart salt-master
注意:base是默认的位置,如果file_roots只有一个,则base是必备的且必须叫base,不能改名
做下面步骤前需要安装saltsatck,可以参考 SaltStack安装与介绍
注:node01为master,node02为minion
2.1 编辑配置文件
[root@node1 ~]# vim /etc/salt/master
...
//将下面几行取消注释
file_roots:
base:
- /srv/salt/base
test:
- /srv/salt/test
dev:
- /srv/salt/dev
prod:
- /srv/salt/prod
...
[root@master ~]# mkdir -p /srv/salt/{base,test,dev,prod}
[root@master ~]# systemctl restart salt-master
2.2 在Master上部署sls配置文件
[root@node01 ~]# cd /srv/salt/base/
[root@node01 base]# mkdir -p web/apache
[root@node01 base]# cd web/apache/
[root@node01 apache]# vim apache.sls
apache-install:
pkg.installed:
- name: httpd
apache-service:
service.running:
- name: httpd
- enable: True
// YAML 配置文件中顶格写的被称作ID,必须全局唯一,不能重复
// SaltStack 读 YAML 配置文件时是从上往下读,所以要把先执行的写在前面
2.3 执行sls文件
//建议先用test.ping测试需要执行状态文件的主机是否能正常通信,然后再执行状态文件
[root@node01 ~]# salt 'node02' test.ping
node02:
True
[root@node01 ~]# salt 'node02' state.sls web.apache.apache
node02:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 01:06:02.733745
Duration: 500.342 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 01:06:03.234928
Duration: 27.587 ms
Changes:
Summary for node02
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 527.929 ms
2.4 在minion上验证
[root@node02 ~]# rpm -qa |grep httpd
httpd-tools-2.4.6-93.el7.centos.x86_64
httpd-2.4.6-93.el7.centos.x86_64
[root@node02 ~]# ss -antl |grep 80
LISTEN 0 128 [::]:80 [::]:*
3.1 在Master上部署sls配置文件
[root@node01 ~]# cd /srv/salt/base/web/
[root@node01 web]# mkdir nginx
[root@node01 web]# cd nginx/
[root@node01 nginx]# vim nginx.sls
nginx-repo:
cmd.run:
- name: rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
nginx-install:
pkg.installed:
- name: nginx
nginx-service:
service.running:
- name: nginx
- enable: True
3.2 执行sls文件
[root@node01 ~]# salt 'node02' state.sls web.nginx.nginx
node02:
----------
ID: nginx-repo
Function: cmd.run
Name: rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
Result: True
Comment: Command "rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm" run
Started: 01:44:23.420218
Duration: 448.388 ms
Changes:
----------
pid:
1662
retcode:
0
stderr:
warning: /var/tmp/rpm-tmp.HvEQfY: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
stdout:
Retrieving http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
Preparing... ########################################
Updating / installing...
nginx-release-centos-7-0.el7.ngx ########################################
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: The following packages were installed/updated: nginx
Started: 01:44:25.155554
Duration: 7335.865 ms
Changes:
----------
nginx:
----------
new:
1:1.18.0-1.el7.ngx
old:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: Service nginx has been enabled, and is running
Started: 01:44:32.514252
Duration: 128.567 ms
Changes:
----------
nginx:
True
Summary for node02
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 7.913 s
3.3 在minion上验证
[root@node02 ~]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-08-17 01:44:32 CST; 22s ago
Docs: http://nginx.org/en/docs/
Main PID: 1744 (nginx)
CGroup: /system.slice/nginx.service
├─1744 nginx: master process /usr/sbin/nginx -...
└─1745 nginx: worker process
Aug 17 01:44:32 node02 systemd[1]: Starting nginx - high ...
Aug 17 01:44:32 node02 systemd[1]: Can't open PID file /v...
Aug 17 01:44:32 node02 systemd[1]: Started nginx - high p...
Hint: Some lines were ellipsized, use -l to show in full.
[root@node02 ~]# ss -antl |grep 80
LISTEN 0 128 *:80 *:*
[root@node02 ~]# rpm -qa |grep nginx
nginx-1.18.0-1.el7.ngx.x86_64
nginx-release-centos-7-0.el7.ngx.noarch
通过命令执行sls文件还不够自动化,因为我们还要告诉某台主机执行某个任务。真正的自动化应该是什么样的?应该是我们让它工作时,它自己就知道要做什么事,但是我们要怎么让它知道要做什么事呢?很明显通过命令执行sls文件并不能实现,为了解决这个问题,top file
应运而生。
top file简介:
top file
的作用就是告诉对应的主机要干什么活,比如让web服务器启动web服务,让数据库服务器安装mysql等等。
top文件包含三个组件:
例:
base: //要执行状态文件的环境
'172.16.78.128': //要执行状态文件的目标
- web.apache.apache //要执行的状态文件
top file
就是一个入口,top file的文件名可通过在 Master的配置文件中搜索top.sls找出,且此文件必须在 base 环境中,默认情况下此文件必须叫top.sls
配置实例:
//配置sls文件
[root@node01 ~]# cd /srv/salt/base/web/
[root@node01 web]# mkdir apache
[root@node01 web]# vim apache/apache.sls
apache-install:
pkg.installed:
- name: httpd
apache-server:
service.running:
- name: httpd
- enable: True
//配置top文件
[root@node01 ~]# cd /srv/salt/base/
[root@node01 base]# vim top.sls
base:
'node02':
- web.apache.apache
//使用高级状态执行
[root@node01 ~]# salt 'node02' cmd.run 'ls'
node02:
anaconda-ks.cfg
original-ks.cfg
[root@node01 ~]# salt 'node02' state.highstate
node02:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 16:33:53.964222
Duration: 521.399 ms
Changes:
----------
ID: apache-server
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 16:33:54.486489
Duration: 29.605 ms
Changes:
Summary for node02
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 551.004 ms
//在minion上查看httpd的状态
[root@node02 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-08-18 16:32:10 CST; 2min 38s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 1786 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─1786 /usr/sbin/httpd -DFOREGROUND
├─1860 /usr/sbin/httpd -DFOREGROUND
├─1861 /usr/sbin/httpd -DFOREGROUND
├─1862 /usr/sbin/httpd -DFOREGROUND
├─1863 /usr/sbin/httpd -DFOREGROUND
└─1864 /usr/sbin/httpd -DFOREGROUND
Aug 18 16:31:27 node02 systemd[1]: Starting The Apache HTTP...
Aug 18 16:31:51 node02 httpd[1786]: AH00558: httpd: Could n...
Aug 18 16:32:10 node02 systemd[1]: Started The Apache HTTP ...
Hint: Some lines were ellipsized, use -l to show in full.
注意:
若top file里面的目标是用
*
表示的,要注意的是,top file里面的*
表示的是所有要执行状态的目标,而salt '*' state.highstate
里面的*
表示通知所有机器干活,而是否要干活则是由top file来指定的
使用salt '*' state.highstate
命令时,可以在后面加上test=True
,它会告诉我们它将会做什么,但是它不会真的去执行这个操作