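I. The YAML language
YAML is an intuitive, machine-readable data serialization format. It is highly readable for humans, interacts easily with scripting languages, and is a language used to express sequences of data.
It is a data description language similar to XML, the subset of Standard Generalized Markup Language, but its syntax is much simpler than XML's.
The YAML format looks like this: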
house:
  family:
    name: Doe
    parents:
      - John
      - Jane
    children:
      - Paul
      - Mark
      - Simone
  address:
    number: 34
    street: Main Street
    city: Nowheretown
    zipcode: 12345
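Basic rules of YAML:
- Use indentation to express hierarchy, 2 spaces per level; the TAB key is forbidden
- When a colon is not at the end of a line, it must be followed by a space
- Use - to denote a list item; the - must be followed by a space
- Use # to denote a comment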
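The rules above, turned into a small check that can be run over a state file before it is put on the master. This is an added example, not code from the original post or from SaltStack; lint_sls is a hypothetical helper name and the sample input is constructed from the apache.sls shown later on this page, with three deliberate mistakes.

```python
import re

# Constructed sample: the page's apache.sls with three deliberate rule violations.
SAMPLE_SLS = (
    "apache-install:\n"
    "  pkg.installed:\n"
    "\t- name: httpd\n"          # TAB used for indentation
    "apache-service:\n"
    "  service.running:\n"
    "    -name: httpd\n"         # no space after the list dash
    "    - enable:true\n"        # no space after the colon
)

# A key (optionally behind "- ") whose colon is directly followed by a value.
KEY_COLON = re.compile(r"^(?:- )?[\w.\-]+:(\S)")

def lint_sls(text):
    """Return (line_number, message) pairs for violations of the page's rules."""
    problems = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                               # blank or comment-only line
        body = line.lstrip()
        indent = line[: len(line) - len(body)]
        if "\t" in indent:
            problems.append((no, "TAB in indentation"))
        elif len(indent) % 2:
            problems.append((no, "indentation is not a multiple of 2 spaces"))
        if re.match(r"^-\S", body) and not body.startswith("---"):
            problems.append((no, "list dash not followed by a space"))
        if KEY_COLON.match(body):
            problems.append((no, "colon not followed by a space"))
    return problems

if __name__ == "__main__":
    for no, message in lint_sls(SAMPLE_SLS):
        print(f"line {no}: {message}")
```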
YAML configuration files must be placed where SaltStack expects them; search for file_roots in the SaltStack Master configuration file to see the location.
[root@master ~]# cd /etc/salt/
[root@master salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
[root@master salt]# vim master
#file_roots:
#  base:
#    - /srv/salt
#
## Add the following to the configuration file
file_roots:
  base:        ## base environment
    - /srv/salt/base
  test:        ## test environment
    - /srv/salt/test
  dev:         ## development environment
    - /srv/salt/dev
  prod:        ## production environment
    - /srv/salt/prod
// Create the directories just listed in the configuration file
[root@master salt]# ls /srv/
[root@master salt]# mkdir -p /srv/salt/{base,test,dev,prod}
[root@master salt]# tree /srv/
/srv/
└── salt
    ├── base
    ├── dev
    ├── prod
    └── test
5 directories, 0 files
// The master configuration file was changed, so the master must be restarted
[root@master salt]# systemctl restart salt-master
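Note:
base is the default location. If file_roots contains only one environment, base is required and must be named base; it cannot be renamed.
SaltStack places more emphasis on decoupling than Ansible does.
II. Configuring an Apache instance with SaltStack
1 Deploy the sls configuration file on the Master and run it
// Go into /srv/salt/base and create a directory structure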
[root@master ~]# cd /srv/salt/base/
[root@master base]# ls
[root@master base]# mkdir web/{nginx,apache} -p
[root@master base]# tree
.
└── web
    ├── apache
    └── nginx
3 directories, 0 files
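// Go into web/apache and write an apache.sls state file
// Anything written flush left in a YAML configuration file is called an ID; it must be globally unique and must not be repeated
// SaltStack reads the YAML configuration file from top to bottom, so put what must run first at the top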
[root@master base]# vim web/apache/apache.sls
apache-install:
  pkg.installed:
    - name: httpd
apache-service:
  service.running:
    - name: httpd
    - enable: true
[root@master base]# tree
.
└── web
    ├── apache
    │   └── apache.sls
    └── nginx
3 directories, 1 file
// Run the apache.sls state file on minion2
[root@master base]# salt 'minion2' state.sls web.apache.apache saltenv=base
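state means execute, and state.sls means execute a state; the whole command means: run the apache state file under web/apache in the base environment.
If you are using the base environment, saltenv=base can be omitted; for dev, prod or test you must add saltenv=dev, saltenv=prod or saltenv=test.
A slow network makes the installation slow; just wait a little while.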
minion2:
Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:
salt-run jobs.lookup_jid 20211102102604498582 # If the error above is reported, it has no effect and can be ignored; run this command afterwards to see minion2's information
ERROR: Minions returned with non-zero exit code
// View the result of the state file run
[root@master base]# salt-run jobs.lookup_jid 20211102102604498582
minion2:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 18:26:08.273303
Duration: 11811.171 ms
Changes:
----------
apr:
----------
new:
1.4.8-7.el7
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-97.el7.centos.1
old:
httpd-tools:
----------
new:
2.4.6-97.el7.centos.1
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 18:26:20.103534
Duration: 29395.506 ms
Changes:
----------
httpd:
True
Summary for minion2
------------
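Succeeded: 2 (changed=2) ## If you run it again, all the text is green and there is no changed here, which means the target state has already been reached; once the target state has been reached, nothing is done. If the target state has not been reached, the minion is brought to it.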
Failed: 0
------------
Total states run: 2
Total run time: 41.207 s
2 Check on the Minion
// Check the installed apache service on minion2
[root@minion2 ~]# rpm -qa|grep httpd
httpd-tools-2.4.6-97.el7.centos.1.x86_64
httpd-2.4.6-97.el7.centos.1.x86_64
[root@minion2 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@minion2 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2021-11-02 18:26:49 CST; 15min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 57712 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─57712 /usr/sbin/httpd -DFOREGROUND
├─58241 /usr/sbin/httpd -DFOREGROUND
├─58242 /usr/sbin/httpd -DFOREGROUND
├─58243 /usr/sbin/httpd -DFOREGROUND
├─58244 /usr/sbin/httpd -DFOREGROUND
└─58245 /usr/sbin/httpd -DFOREGROUND
11月 02 18:26:20 minion2 systemd[1]: Starting The Apache HTTP Se...
11月 02 18:26:39 minion2 httpd[57712]: AH00558: httpd: Could not...
11月 02 18:26:49 minion2 systemd[1]: Started The Apache HTTP Ser...
Hint: Some lines were ellipsized, use -l to show in full.
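The output above shows that apache has indeed been deployed successfully.
Tips for running state files:
- First use test.ping to check that the hosts that need to run the state file can communicate normally, then run the state file
III. top file
1 Introduction to the top file
Is running sls files directly from the command line automated enough? The answer is no, because we still have to tell a particular host to run a particular task. Automation should mean that when we tell it to work, it already knows which host has to do what, and running sls files directly from the command line cannot achieve this. The top file was created to solve this problem.
The top file is an entry point. Its file name can be found by searching for top.sls in the Master configuration file. The file must be in the base environment, and by default it must be named top.sls.
The job of the top file is to tell each host what work to do, for example having the web servers start the web service, having the database servers install mysql, and so on.
top file: defines the entry point for state files
One-to-many
top file example: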
[root@minion ~]# cat /etc/redhat-release
CentOS Stream release 8
[root@minion ~]# yum list all|grep nginx ## nginx is available by default on CentOS 8
nginx.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
nginx-all-modules.noarch 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
nginx-filesystem.noarch 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
nginx-mod-http-image-filter.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
nginx-mod-http-perl.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
nginx-mod-http-xslt-filter.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
nginx-mod-mail.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
nginx-mod-stream.x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream
pcp-pmda-nginx.x86_64 5.3.4-1.el8 appstream
[root@minion2 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@minion2 ~]# yum list all|grep httpd ## httpd is available by default on CentOS 7
httpd-tools.x86_64 2.4.6-97.el7.centos.1 @updates
httpd.x86_64 2.4.6-97.el7.centos.1 updates
httpd-devel.x86_64 2.4.6-97.el7.centos.1 updates
httpd-manual.noarch 2.4.6-97.el7.centos.1 updates
keycloak-httpd-client-install.noarch 0.8-1.el7 base
libmicrohttpd.i686 0.9.33-2.el7 base
libmicrohttpd.x86_64 0.9.33-2.el7 base
libmicrohttpd-devel.i686 0.9.33-2.el7 base
libmicrohttpd-devel.x86_64 0.9.33-2.el7 base
libmicrohttpd-doc.noarch 0.9.33-2.el7 base
python2-keycloak-httpd-client-install.noarch
[root@master base]# tree
.
└── web
    ├── apache
    │   └── install.sls
    └── nginx
3 directories, 1 file
// Write a state file for nginx that describes what should be done
[root@master base]# vim web/nginx/install.sls
nginx-install:
  pkg.installed:
    - name: nginx
nginx-service:
  service.running:
    - name: nginx
    - enable: true
[root@master base]# tree
.
└── web
    ├── apache
    │   └── install.sls
    └── nginx
        └── install.sls
3 directories, 2 files
// Write a top file
[root@master base]# ls
web
[root@master base]# vim top.sls
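base:                       ## the environment whose state files are run
  'minion':                 ## the target that runs the state files
    - web.nginx.install     ## the state file to run
  'minion2':
    - web.apache.install
## Have minion run web/nginx/install from the base environment, and have minion2 run web/apache/install from the base environment
// Run the highstate function of the state module against all hosts. The highstate reads the tasks in the top file, and the top file states explicitly which host does what, so once this is run each host does its own work.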
[root@master base]# salt '*' state.highstate saltenv=base
master: ## The top file does not say what master should do, so this is reported in red; it can be ignored here
----------
ID: states
Function: no.None
Result: False
Comment: No Top file or master_tops data matches found. Please see master log for details.
Changes:
Summary for master
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
minion:
Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:
salt-run jobs.lookup_jid 20211102111948584886
minion2:
Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:
salt-run jobs.lookup_jid 20211102111948584886
ERROR: Minions returned with non-zero exit code
// Run it a second time to see the result of the state file run
[root@master base]# salt '*' state.highstate
master:
----------
ID: states
Function: no.None
Result: False
Comment: No Top file or master_tops data matches found. Please see master log for details.
Changes:
Summary for master
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
minion2:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 19:30:03.026893
Duration: 794.833 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 19:30:03.824491
Duration: 40.209 ms
Changes:
Summary for minion2
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 835.042 ms
minion:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: All specified packages are already installed
Started: 19:30:01.692266
Duration: 1003.904 ms
Changes:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: The service nginx is already running
Started: 19:30:02.698575
Duration: 49.184 ms
Changes:
Summary for minion
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 1.053 s
ERROR: Minions returned with non-zero exit code
// Check the httpd status on minion2
[root@minion2 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2021-11-02 19:20:29 CST; 5min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 115057 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─115057 /usr/sbin/httpd -DFOREGROUND
├─115516 /usr/sbin/httpd -DFOREGROUND
├─115517 /usr/sbin/httpd -DFOREGROUND
├─115518 /usr/sbin/httpd -DFOREGROUND
├─115519 /usr/sbin/httpd -DFOREGROUND
└─115520 /usr/sbin/httpd -DFOREGROUND
11月 02 19:20:02 minion2 systemd[1]: Starting The Apache HTTP Se...
11月 02 19:20:17 minion2 httpd[115057]: AH00558: httpd: Could no...
11月 02 19:20:29 minion2 systemd[1]: Started The Apache HTTP Ser...
Hint: Some lines were ellipsized, use -l to show in full.
[root@minion2 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
// Check the nginx status on minion
[root@minion ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; >
Active: active (running) since Tue 2021-11-02 19:21:24 CST; 5min>
Main PID: 179241 (nginx)
Tasks: 2 (limit: 4743)
Memory: 8.7M
CGroup: /system.slice/nginx.service
├─179241 nginx: master process /usr/sbin/nginx
└─179242 nginx: worker process
11月 02 19:21:24 minion systemd[1]: Starting The nginx HTTP and rev>
11月 02 19:21:24 minion nginx[179210]: nginx: the configuration fil>
11月 02 19:21:24 minion nginx[179210]: nginx: configuration file /e>
11月 02 19:21:24 minion systemd[1]: nginx.service: Failed to parse >
11月 02 19:21:24 minion systemd[1]: Started The nginx HTTP and reve>
[root@minion ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:80 [::]:*
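Note:
If the target in the top file is written as *, be aware that the * in the top file denotes all targets that are to run the states, while the * in salt '*' state.highstate means that all machines are notified to work; whether a machine actually does any work is decided by the top file.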
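The split between the command-line target and the top-file target described in the note above, modelled as an added example (not code from the original post or from SaltStack). It assumes glob targets only; states_for, plan_highstate and review_targets are hypothetical helper names, and the minion list is constructed from the hosts on this page.

```python
from fnmatch import fnmatchcase

# The page's top.sls, written as the Python dict the YAML loads into.
TOP = {
    "base": {
        "minion": ["web.nginx.install"],
        "minion2": ["web.apache.install"],
    }
}

def states_for(minion_id, top, saltenv="base"):
    """States the top file assigns to one minion (glob targets only)."""
    assigned = []
    for target, sls_list in top.get(saltenv, {}).items():
        if fnmatchcase(minion_id, target):
            assigned.extend(s for s in sls_list if s not in assigned)
    return assigned

def plan_highstate(cli_target, known_minions, top):
    """Model salt '<cli_target>' state.highstate: the CLI glob picks who is
    asked, the top file decides what each of them does."""
    plan = {}
    for minion_id in known_minions:
        if fnmatchcase(minion_id, cli_target):
            # An empty list is the "No Top file or master_tops data matches" case.
            plan[minion_id] = states_for(minion_id, top)
    return plan

def review_targets(top, known_minions, saltenv="base"):
    """Flag top-file targets that match every known minion, or none at all."""
    findings = {}
    for target in top.get(saltenv, {}):
        hits = [m for m in known_minions if fnmatchcase(m, target)]
        if not hits:
            findings[target] = "matches no known minion"
        elif len(hits) == len(known_minions) and len(hits) > 1:
            findings[target] = "matches every minion"
    return findings

if __name__ == "__main__":
    minions = ["master", "minion", "minion2"]   # constructed from this page
    print(plan_highstate("*", minions, TOP))
    print(review_targets(TOP, minions))
```

Running review_targets over a top file before a highstate shows how far a wildcard target reaches, which is the reason the page advises against a bare '*' in production.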
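2 Using the highstate
When managing SaltStack, the most common management operation is running the highstate.
[root@master ~]# salt '*' state.highstate // Do not use the salt command this way in production
Note:
The command above makes every host run the highstate, but in real work this is generally not done. In practice you usually notify one or a few target hosts to run the highstate, and whether they actually do anything is decided by the top file.
If you add the parameter test=True when running the highstate, it tells you what it would do, but it does not actually perform the operation.
// Stop the httpd service on the minion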
[root@minion2 ~]# systemctl stop httpd
[root@minion2 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
// Run a highstate test on the master
[root@master base]# salt 'minion2' state.highstate test=true
minion2:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 20:51:48.584251
Duration: 1217.84 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: None
Comment: Service httpd is set to start
Started: 20:51:49.807326
Duration: 39.05 ms
Changes:
Summary for minion2
------------
Succeeded: 2 (unchanged=1) ## unchanged means that nothing has been changed yet, but it can be changed
Failed: 0
------------
Total states run: 2
Total run time: 1.257 s
// Check on the minion whether httpd has started
[root@minion2 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 二 2021-11-02 20:46:46 CST; 6min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 3035 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Process: 941 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 941 (code=exited, status=0/SUCCESS)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
11月 02 20:44:28 minion2 systemd[1]: Starting The Apache HTTP Se...
11月 02 20:44:39 minion2 httpd[941]: AH00558: httpd: Could not r...
11月 02 20:44:56 minion2 systemd[1]: Started The Apache HTTP Ser...
11月 02 20:46:45 minion2 systemd[1]: Stopping The Apache HTTP Se...
11月 02 20:46:46 minion2 systemd[1]: Stopped The Apache HTTP Ser...
Hint: Some lines were ellipsized, use -l to show in full.
// This shows that the highstate was not actually executed, because httpd has not started
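The test=True run above reports Result: None for the state that would change. The following added example (not code from the original post or from SaltStack) sorts such a dry run into ok, pending and failed states so it can gate a real highstate. It assumes the run was made with --out=json; the sample JSON is constructed from the output shown above and reduced to the fields used, and classify_dry_run and safe_to_apply are hypothetical helper names.

```python
import json

# Constructed sample: the test=True run above as --out=json would return it,
# reduced to the fields used here.
SAMPLE_JSON = """
{"minion2": {
  "pkg_|-apache-install_|-httpd_|-installed": {
    "__id__": "apache-install", "name": "httpd", "result": true,
    "comment": "All specified packages are already installed", "changes": {}},
  "service_|-apache-service_|-httpd_|-running": {
    "__id__": "apache-service", "name": "httpd", "result": null,
    "comment": "Service httpd is set to start", "changes": {}}
}}
"""

def classify_dry_run(raw_json):
    """Sort each state of a test=True run into ok / pending / failed per minion."""
    report = {}
    for minion, states in json.loads(raw_json).items():
        buckets = {"ok": [], "pending": [], "failed": []}
        if not isinstance(states, dict):
            # Not a per-state mapping (for example a list of render errors).
            buckets["failed"].append(str(states))
            report[minion] = buckets
            continue
        for state in states.values():
            sid = state.get("__id__") or state.get("name", "?")
            if state.get("result") is None:      # test mode: would change if applied
                buckets["pending"].append(sid)
            elif state.get("result") is True:    # already in the target state
                buckets["ok"].append(sid)
            else:
                buckets["failed"].append(sid)
        report[minion] = buckets
    return report

def safe_to_apply(report):
    """True only when no minion reports a failed state."""
    return all(not b["failed"] for b in report.values())

if __name__ == "__main__":
    result = classify_dry_run(SAMPLE_JSON)
    print(result, safe_to_apply(result))
```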