条件判断
[root@master base]# vim test.sls
test_nginx_install:
pkg.installed:
{% if grains['os'] == 'CentOS Stream' %}
- name: httpd
{% elif grains['os'] == 'Ubuntu' %}
- name: apache2
{% endif %}
[root@master base]# salt '*' state.sls test
minion:
----------
ID: test_nginx_install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 08:42:48.498098
Duration: 6862.691 ms
Changes:
Summary for minion1
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 7.691 s
此处省略......
循环语句
[root@master base]# vim test.sls
{% for user in ['tom','tom1'] %}
{{ user }}:
user.present
{% endfor %}
[root@master base]# salt 'minion' state.sls test
minion:
----------
ID: tom
Function: user.present
Result: True
Comment: New user tom created
Started: 08:55:27.673216
Duration: 348.994 ms
Changes:
----------
fullname:
gid:
1000
groups:
- tom
home:
/home/tom
homephone:
name:
tom
other:
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
1000
workphone:
----------
ID: tom1
Function: user.present
Result: True
Comment: New user tom1 created
Started: 08:55:28.022478
Duration: 357.295 ms
Changes:
----------
fullname:
gid:
1001
groups:
- tom1
home:
/home/tom1
homephone:
name:
tom1
other:
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
1001
workphone:
Summary for minion
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 706.289 ms
minion端查看用户
[root@minion ~]# id tom
uid=1000(tom) gid=1000(tom) 组=1000(tom)
[root@minion ~]# id tom1
uid=1001(tom1) gid=1001(tom1) 组=1001(tom1)
masterless配置
- 修改配置文件minion
- 注释master行
- 取消注释file_client并设其值为local
- 设置file_roots
- 设置pillar_roots
[root@minion ~]# vim /etc/salt/minion
......
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
#master: salt #注释掉
#master: 192.168.149.132 #注释掉
......
# Set the file client. The client defaults to looking on the master server for
# files, but can be directed to look at the local file directory setting
# defined below by setting it to "local". Setting a local file_client runs the
# minion in masterless mode.
file_client: remote #这一行取消注释改为local
......
file_roots: #设置file_roots的路径和环境,可有多套环境
base:
- /srv/salt/base #取消注释或者自行添加
- 关闭salt-minion服务
使用 masterless 模式时是不需要启动任何服务的,包括salt-master和salt-minion。
[root@minion ~]# systemctl stop salt-minion
[root@minion ~]# systemctl disable salt-minion
Removed /etc/systemd/system/multi-user.target.wants/salt-minion.service.
- salt-call
masterless模式执行模块或状态时需要使用salt-call命令,而不再是salt或者salt-ssh。需要注意的是要使用salt-call的--local选项。
[root@minion ~]# salt-call --local cmd.run 'uptime'
local:
09:07:40 up 34 min, 2 users, load average: 0.25, 0.22, 0.24
[root@minion ~]# salt-call --local cmd.run 'date'
local:
Wed Jul 21 09:10:46 EDT 2021
[root@minion ~]# mkdir -p /srv/salt/base
[root@minion ~]# cd /srv/salt/base/
[root@minion base]# vim wget.sls
test_wget:
pkg.installed:
- name: wget
[root@minion base]# salt-call --local state.sls wget
local:
----------
ID: test_wget
Function: pkg.installed
Name: wget
Result: True
Comment: All specified packages are already installed
Started: 09:13:12.047074
Duration: 1122.569 ms
Changes:
Summary for local
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 1.123 s
[root@minion base]# which wget
/usr/bin/wget
salt-master高可用
涉及到高可用时,数据的同步是个永恒的话题,我们必须保证高可用的2个master间使用的数据是一致的,包括:
- /etc/salt/master配置文件
- /etc/salt/pki目录下的所有key
- /srv/下的salt和pillar目录下的所有文件
保障这些数据同步的方案有:
- nfs挂载
- rsync同步
- 使用gitlab进行版本控制
安全相关:
为保证数据的同步与防止丢失,可将状态文件通过gitlab进行版本控制管理。
环境说明:
| 主机 | ip |
|---|---|
| master | 192.168.149.132 |
| master1 | 192.168.149.137 |
| minion | 192.168.149.134 |
修改minion端的minion配置文件
[root@minion base]# vim /etc/salt/minion
......
master:
- 192.168.149.132
- 192.168.149.137
......
- 同步配置和数据
[root@master ~]# scp /etc/salt/master 192.168.149.137:/etc/salt
[root@master ~]# scp -r /etc/salt/pki 192.168.149.137:/etc/salt
[root@master ~]# scp -r /srv/salt 192.168.149.137:/srv
[root@master ~]# salt-key -ya minion
[root@master1 ~]# salt-key -ya minion
- 配置故障转移
[root@minion ~]# vim /etc/salt/minion
....
# beacons) without a master connection
# master_type: str
master_type: failover
....
# of TCP connections, such as load balancers.)
# master_alive_interval: 30
master_alive_interval: 3 #当master挂掉后,minion在3秒后自动切换master为master1
[root@minion ~]# systemctl restart salt-minion
- 测试master能否控制minion
[root@master ~]# salt 'minion' test.ping
minion:
True
[root@master1 ~]# salt 'minion' test.ping
minion:
Minion did not return. [No response]
- 模拟master宕机
[root@master ~]# systemctl stop salt-master
[root@master1 ~]# salt 'minion' test.ping
minion:
True
salt-syndic分布式架构
环境说明:
| 主机 | ip |
|---|---|
| master | 192.168.149.132 |
| syndic | 192.168.149.143 |
| minion | 192.168.149.134 |
| minion1 | 192.168.149.137 |
syndic端安装salt-master与salt-syndic
[root@syndic ~]# rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
[root@syndic ~]# curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | tee /etc/yum.repos.d/salt.repo
[salt-latest-repo]
name=Salt repo for RHEL/CentOS 8 PY3
baseurl=https://repo.saltproject.io/py3/redhat/8/x86_64/latest
skip_if_unavailable=True
failovermethod=priority
enabled=1
enabled_metadata=1
gpgcheck=1
gpgkey=https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
[root@syndic ~]# yum -y install salt-master salt-syndic
- 配置master
修改master的master配置文件
取消注释order_master
将order_master的值设为True
[root@master ~]# vim /etc/salt/master
......
# masters' syndic interfaces.
order_masters: True 取消注释改为True
......
[root@master ~]# systemctl restart salt-master
- 配置syndic
[root@syndic ~]# vim /etc/salt/master
.....
syndic_master: 192.168.149.132 取消注释syndic_master
将syndic_master的值设为master的IP
此处省略......
[root@syndic ~]# systemctl enable salt-master
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /usr/lib/systemd/system/salt-master.service.
[root@syndic ~]# systemctl enable salt-syndic
Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /usr/lib/systemd/system/salt-syndic.service.
[root@syndic ~]# systemctl restart salt-master
[root@syndic ~]# systemctl restart salt-syndic
配置minion
配置minion,将master指向syndic所在主机
[root@minion1 ~]# vim /etc/salt/minion
......
master: 192.168.149.143
......
[root@minion1 ~]# systemctl restart salt-minion
[root@minion1 ~]# systemctl enable salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /usr/lib/systemd/system/salt-minion.service.
在syndic上接受minion主机的key
[root@syndic ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion
minion1
Rejected Keys:
[root@syndic ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
minion
minion1
Proceed? [n/Y] y
Key for minion minion accepted.
Key for minion minion1 accepted.
[root@syndic ~]# salt-key -L
Accepted Keys:
minion
minion1
Denied Keys:
Unaccepted Keys:
Rejected Keys:
在master上接受syndic主机的key
[root@master ~]# salt-key -ya syndic
The following keys are going to be accepted:
Unaccepted Keys:
syndic
Key for minion syndic accepted.
[root@master ~]# salt-key -L
Accepted Keys:
syndic
Denied Keys:
Unaccepted Keys:
master
Rejected Keys:
在master上执行模块或状态检验有几个minion应答
[root@master ~]# salt '*' test.ping
minion1:
True
minion:
True
扫一扫
223
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
