Advanced SaltStack


Loops and conditional statements
[root@master base]# vim test.sls
[root@master base]# cat test.sls 
{% for user in ['aaa','bbb','ccc'] %}
{{ user }}:
  user.present
{% endfor %}
[root@master base]# salt '*' state.sls test
minion1:
----------
          ID: aaa
    Function: user.present
      Result: True
     Comment: New user aaa created
     Started: 09:54:11.076369
    Duration: 447.436 ms
     Changes:   
              ----------
              fullname:
              gid:
                  1000
              groups:
                  - aaa
              home:
                  /home/aaa
              homephone:
              name:
                  aaa
              other:
              passwd:
                  x
              roomnumber:
              shell:
                  /bin/bash
              uid:
                  1000
              workphone:
----------
          ID: bbb
    Function: user.present
      Result: True
     Comment: New user bbb created
     Started: 09:54:11.524189
    Duration: 338.521 ms
     Changes:   
              ----------
              fullname:
              gid:
                  1001
              groups:
                  - bbb
              home:
                  /home/bbb
              homephone:
              name:
                  bbb
              other:
              passwd:
                  x
              roomnumber:
              shell:
                  /bin/bash
              uid:
                  1001
              workphone:
----------
          ID: ccc
    Function: user.present
      Result: True
     Comment: New user ccc created
     Started: 09:54:11.862905
    Duration: 278.741 ms
     Changes:   
              ----------
              fullname:
              gid:
                  1002
              groups:
                  - ccc
              home:
                  /home/ccc
              homephone:
              name:
                  ccc
              other:
              passwd:
                  x
              roomnumber:
              shell:
                  /bin/bash
              uid:
                  1002
              workphone:

Summary for minion1
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time:   1.065 s

[root@minion1 ~]# id aaa
uid=1000(aaa) gid=1000(aaa) 组=1000(aaa)
[root@minion1 ~]# id bbb
uid=1001(bbb) gid=1001(bbb) 组=1001(bbb)
[root@minion1 ~]# id ccc
uid=1002(ccc) gid=1002(ccc) 组=1002(ccc)
Conditional statement
[root@master base]# vim test.sls 
[root@master base]# cat test.sls 
test_nginx_install:
  pkg.installed:
    {% if grains['os'] == 'CentOS Stream' %}
    - name: httpd
    {% elif grains['os'] == 'Ubuntu' %}
    - name: apache2
    {% endif %}
[root@master base]# salt '*' state.sls test
minion1:
----------
          ID: test_nginx_install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 10:00:58.626330
    Duration: 1576.101 ms
     Changes:   

Summary for minion1
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time:   1.576 s

[root@minion1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; ven>
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: inactive (dead)
     Docs: man:httpd.service(8)

[root@minion1 ~]# systemctl status apache2
Unit apache2.service could not be found.

masterless

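Use cases
  • The network between master and minion is down or has latency, i.e. the network is unstable
  • You want to run states directly on the minion

Traditionally, SaltStack manages state by having the master execute states against the minions. But what if the network is unstable, you want to run states locally on the minion, or you only have a single host? That is what masterless mode is for.

With masterless mode you can use SaltStack even with a single host, with no need for a multi-host architecture.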

masterless configuration
Edit the minion configuration file

  • Comment out the master line
  • Uncomment file_client and set its value to local
  • Set file_roots
  • Set pillar_roots

# resolved, then the minion will fail to start.
#master: 192.168.31.138     # comment out this line

# defined below by setting it to "local". Setting a local file_client runs the
# minion in masterless mode.
file_client: local   # uncomment this line and set it to local

file_roots:   # set the file_roots environment and path
  base:
    - /srv/salt/base

Stop the salt-minion service

In masterless mode no service needs to be running, neither salt-master nor salt-minion.

[root@minion1 ~]# systemctl stop salt-minion
[root@minion1 ~]# systemctl disable salt-minion
The salt-call command

In masterless mode, modules and states are run with the salt-call command rather than salt or salt-ssh. Note that salt-call must be given the --local option.

[root@minion1 ~]# salt-call --local cmd.run 'uptime'
local:
     10:13:18 up  7:26,  2 users,  load average: 0.09, 0.10, 0.09
[root@minion1 ~]# salt-call --local cmd.run 'date'
local:
    Wed Jul 21 10:15:07 EDT 2021
[root@minion1 ~]# salt-call --local cmd.run 'ls -l /root'
local:
    total 4
    -rw-------. 1 root root 1067 Jul 19 02:26 anaconda-ks.cfg

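salt-master high availability

We use Salt to manage all of the company's machines, so the Salt master must not go down; otherwise everything is paralyzed. The master therefore has to be made highly available. Configuring this is very simple: edit the minion configuration file and list the masters as a list.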

[root@minion1 base]# vim /etc/salt/minion
master:
  - 192.168.31.138
  - 192.168.31.131

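Both 192.168.31.138 and 192.168.31.131 listed in this example must have salt-master installed, with the service running normally on each.

salt-master high availability: data synchronization

Whenever high availability is involved, data synchronization is a perennial topic. The data used by the two highly available masters must be kept identical, including:

  • the /etc/salt/master configuration file
  • all keys under the /etc/salt/pki directory
  • all files in the salt and pillar directories under /srv/

Options for keeping this data in sync include:

  • NFS mounts
  • rsync
  • version control with GitLab

Security note:
To keep the data in sync and guard against loss, the state files can be managed under version control with GitLab.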

Configure salt-master high availability
Role     Hostname    IP
master   master      192.168.31.138
master   localhost   192.168.31.131
minion   minion1     192.168.31.130

Synchronize configuration and data

[root@master ~]# scp /etc/salt/master 192.168.31.131:/etc/salt/master
[root@master ~]# scp -r /etc/salt/pki 192.168.31.131:/etc/salt/
[root@master ~]# scp -r /srv/salt 192.168.31.131:/srv/
[root@localhost ~]# salt-key -L
Accepted Keys:
minion1
Denied Keys:
Unaccepted Keys:
master
Rejected Keys:
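
Added example (not part of the original post): a drift check for the data listed above, comparing two copies of a tree such as /etc/salt/pki file by file and flagging private keys (*.pem) left readable by group or others. It assumes both trees are reachable as local paths; the function names and the sample key contents are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file path relative to root to (sha256 hex digest, mode bits)."""
    root = Path(root)
    return {
        str(p.relative_to(root)): (hashlib.sha256(p.read_bytes()).hexdigest(),
                                   stat.S_IMODE(p.stat().st_mode))
        for p in root.rglob("*") if p.is_file()
    }


def compare_masters(primary, standby):
    """Return (finding, path) tuples describing drift between two synced trees."""
    a, b = manifest(primary), manifest(standby)
    findings = []
    for path in sorted(set(a) | set(b)):
        if path not in a or path not in b:
            findings.append(("missing-on-standby" if path in a else "extra-on-standby", path))
        elif a[path][0] != b[path][0]:
            findings.append(("content-differs", path))
        # A private key (*.pem) readable by group or others is its own finding.
        if path in b and path.endswith(".pem") and b[path][1] & 0o077:
            findings.append(("key-too-permissive", path))
    return findings


def write(root, rel, data, mode=0o644):
    """Create root/rel with the given bytes and permission bits."""
    target = Path(root, rel)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    target.chmod(mode)


def build_sample():
    """Constructed trees laid out like /etc/salt/pki on two masters."""
    primary, standby = tempfile.mkdtemp(), tempfile.mkdtemp()
    write(primary, "master/master.pem", b"constructed-private-key", 0o400)
    write(standby, "master/master.pem", b"constructed-private-key", 0o644)
    write(primary, "master/master.pub", b"constructed-public-key")
    write(standby, "master/master.pub", b"constructed-public-key")
    write(primary, "master/minions/minion1", b"minion1-key")
    write(standby, "master/minions/minion1", b"minion1-key-stale")
    write(primary, "master/minions/minion2", b"minion2-key")
    return primary, standby
```

Calling compare_masters(*build_sample()) reports the loosened master.pem, the stale minion1 key and the missing minion2 key; an empty list means the two trees match.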

Configure failover

[root@minion1 ~]# vim /etc/salt/minion
# master_type: str
master_type: failover

# Poll interval in seconds for checking if the master is still there.  Only
# respected if master_type above is "failover". To disable the interval entirely,
……
# of TCP connections, such as load balancers.)
# master_alive_interval: 30
master_alive_interval: 5   # after master1 goes down, the minion automatically switches to master2 after 5 seconds
[root@minion1 ~]# systemctl restart salt-minion
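
Added example (not from the original post): a check of the failover settings above, using a minimal reader written for this illustration that handles only top-level scalars and '- item' lists. The constructed BROKEN sample shows what happens when the master list is written without dashes: YAML folds the two addresses into a single string, so there is no second master to fail over to.

```python
def read_opts(text):
    """Read top-level keys of a minion config (scalars and '- item' lists only)."""
    opts, key = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            key, _, value = line.partition(":")
            opts[key] = value.strip() or None
        elif key is not None and line.strip().startswith("- "):
            if not isinstance(opts[key], list):
                opts[key] = []
            opts[key].append(line.strip()[2:].strip())
        elif key is not None and not isinstance(opts[key], list):
            # YAML folds an indented plain line into the scalar above it.
            opts[key] = " ".join(filter(None, [opts[key], line.strip()]))
    return opts


def failover_problems(opts):
    """Return reasons why this config will not fail over between masters."""
    problems = []
    masters = opts.get("master")
    if not isinstance(masters, list) or len(masters) < 2:
        problems.append("master is not a list of two or more masters: %r" % (masters,))
    if opts.get("master_type") != "failover":
        problems.append("master_type is not 'failover'")
    interval = opts.get("master_alive_interval") or "0"
    if not interval.isdigit() or int(interval) <= 0:
        problems.append("master_alive_interval is not a positive number")
    return problems


# Constructed samples: the list written without dashes, and the corrected form.
BROKEN = """\
master:
  192.168.31.138
  192.168.31.131
master_type: failover
# master_alive_interval: 30
"""
FIXED = """\
master:
  - 192.168.31.138
  - 192.168.31.131
master_type: failover
master_alive_interval: 5   # poll the active master every 5 seconds
"""
```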

Test whether the master can control minion1

    [root@master ~]# salt '*' test.ping
    minion1:
        True
    [root@localhost ~]# salt '*' test.ping
    minion1:
        Minion did not return. [No response]

Simulate master1 going down

    [root@master ~]# systemctl stop salt-master
    [root@localhost ~]# salt '*' test.ping
    minion1:
        True