vim /etc/salt/master:
[root@localhost pillar]# mkdir /srv/salt/base
[root@localhost pillar]# mkdir /srv/salt/test
[root@localhost pillar]# mkdir /srv/salt/prod
[root@localhost base]# salt '*' state.sls dns
192.168.240.130:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 07:03:37.898401
Duration: 26.143 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,1 @@
-; generated by /sbin/dhclient-script
-search localdomain
-nameserver 223.5.5.5
+nameserver 10.0.0.2
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
192.168.240.131:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 07:03:37.706662
Duration: 77.298 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,1 @@
-; generated by /sbin/dhclient-script
-search localdomain
-nameserver 192.168.240.2
+nameserver 10.0.0.2
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
[root@localhost base]# cat /etc/resolv.conf
nameserver 10.0.0.2

- YAML使用一个固定的缩进风格表示数据层结构关系
- Salt需要每个缩进级别由两个空格组成。
- 不要使用tabs

系统初始化
[root@localhost base]# pwd
/srv/salt/base
[root@localhost base]# tree
.
├── init
│ ├── audit.sls
│ ├── dns.sls
│ ├── env_init.sls
│ ├── files
│ │ └── resolv.conf
│ ├── history.sls
│ └── sysctl.sls
└── top.sls
2 directories, 7 files
[root@localhost base]# cat top.sls
base:
'*':
- init.env_init
[root@localhost base]# cat init/env_init.sls
include:
- init.dns
- init.history
- init.audit
- init.sysctl
[root@localhost base]# cat init/audit.sls
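# Append a PROMPT_COMMAND hook to /etc/bashrc so that bash forwards the most
# recent history entry to syslog (via logger) before each prompt, tagged with
# the effective user, the `who am i` login record and the working directory.
# The nesting below restores the YAML structure the state needs to load.
#
# NOTE(review): this is best-effort logging, not tamper-resistant auditing.
# The hook runs inside the user's own shell, so a user can unset or override
# PROMPT_COMMAND, and shells that never source /etc/bashrc are not covered.
# Where command accounting is a security requirement, pair it with
# kernel-level auditing (for example auditd execve rules).
# NOTE(review): anything typed on a command line, including passwords passed
# as arguments, is copied into syslog; restrict who can read those logs and
# where they are forwarded.
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'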
[root@localhost base]# cat init/dns.sls
/etc/resolv.conf:
file.managed:
- source: salt://init/files/resolv.conf
- user: root
- group: root
- mode: 644
[root@localhost base]# cat init/history.sls
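# Append a HISTTIMEFORMAT export to /etc/profile so that `history` output
# carries a date, a time and a user name. The nesting below restores the YAML
# structure the state needs to load.
#
# NOTE(review): the backquoted whoami sits inside double quotes, so it is
# expanded once, when /etc/profile is sourced. Every history line therefore
# shows the user name of that moment, not the user who ran each command
# (for example after a later su).
# NOTE(review): the history file stays writable by its owner, so this helps
# troubleshooting but is not an audit trail.
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "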
[root@localhost base]# cat init/sysctl.sls
vm.swappiness:
sysctl.present:
- value: 0
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.file-max:
sysctl.present:
- value: 10000
[root@localhost base]# cat init/files/resolv.conf
nameserver 223.5.5.5
[root@localhost base]# salt '*' state.highstate test=True
// 执行
salt '*' state.highstate
功能模块
[root@localhost ~]# mkdir /srv/salt/prod/pkg
[root@localhost ~]# mkdir /srv/salt/prod/haproxy
[root@localhost ~]# mkdir /srv/salt/prod/haproxy/files
[root@localhost ~]# cd /srv/salt/prod/pkg/
[root@localhost pkg]# vim pkg-init.sls
[root@localhost pkg]# cat pkg-init.sls
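# Build prerequisites shared by the source-install states (they include this
# file as pkg.pkg-init). The nesting below restores the YAML structure the
# state needs to load.
#
# NOTE(review): every minion that includes this state gets a full compiler
# toolchain. Compilers on production load balancers widen the attack surface;
# building once on a build host and shipping a package keeps them off
# production systems.
pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel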
状态模块:状态间关系
功能:条件判断,主要用于cmd状态模块
常用方法:
- onlyif:检查的命令,仅当"onlyif"选项指向的命令返回true时才执行name定义的命令
- unless:用于检查的命令,仅当"unless"选项指定的命令返回false时才执行name指向的命令
功能名称:requisites
功能:处理状态间关系
常用方法:
- require 我依赖某个状态
- require_in 我被某个状态依赖
- watch 我关注某个状态
- watch_in 我被某个状态关注
[root@localhost haproxy]# pwd
/srv/salt/prod/haproxy
[root@localhost haproxy]# cat install.sls
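# Install HAProxy 1.6.2 from a source tarball, register its init script and
# prepare the kernel setting and directory the service needs. The nesting
# below restores the YAML structure the state needs to load.
include:
  - pkg.pkg-init

haproxy-install:
  # Copy the source archive from the master's file server to the minion.
  # NOTE(review): whatever is in this archive is compiled and installed as
  # root on every targeted minion. Verify the archive against the checksum or
  # signature published upstream before placing it under haproxy/files/.
  # NOTE(review): a source archive does not need the execute bit; mode 644
  # would be sufficient.
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz
    - user: root
    - group: root
    - mode: 755
  # Unpack, build and install under /usr/local/haproxy.
  # NOTE(review): the `unless` guard only tests that the directory exists, so
  # a build that failed after creating it, or a replaced tarball, is never
  # rebuilt. A version-specific marker (for example the installed binary's
  # version output) would make upgrades and security fixes take effect.
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-init
      - file: haproxy-install

haproxy-init:
  # Install the SysV init script only after the build step has run.
  # This script is executed as root, so it stays root-owned and not
  # writable by group or others.
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  # Register the service with chkconfig unless it is already listed.
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: /etc/init.d/haproxy

# Allow processes to bind addresses that are not configured on the host.
# NOTE(review): presumably needed so HAProxy can bind a failover address held
# by the peer node; the setting is host-wide, so confirm it is wanted on every
# minion that receives this state.
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

# Directory that will hold haproxy.cfg.
haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755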
[root@localhost haproxy]# salt '192.168.240.130' state.sls haproxy.install env=prod
192.168.240.130:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 15:46:14.985990
Duration: 1379.723 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 15:46:16.367221
Duration: 0.574 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: Package openssl is already installed.
Started: 15:46:16.367894
Duration: 0.757 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: Package openssl-devel is already installed.
Started: 15:46:16.368891
Duration: 0.574 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 15:46:16.369611
Duration: 0.616 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 15:46:16.370403
Duration: 0.589 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 15:46:16.371081
Duration: 0.387 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.6.2.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.6.2.tar.gz updated
Started: 15:46:16.429228
Duration: 15.668 ms
Changes:
----------
mode:
0755
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless execution succeeded
Started: 15:46:16.456300
Duration: 6.445 ms
Changes:
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy updated
Started: 15:46:16.463460
Duration: 198.725 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: Command "chkconfig --add haproxy" run
Started: 15:46:16.663185
Duration: 142.247 ms
Changes:
----------
pid:
4496
retcode:
0
stderr:
stdout:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_nonlocal_bind = 1
Started: 15:46:16.807326
Duration: 53.294 ms
Changes:
----------
net.ipv4.ip_nonlocal_bind:
1
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: Directory /etc/haproxy updated
Started: 15:46:16.861046
Duration: 2.699 ms
Changes:
----------
/etc/haproxy:
New Dir
Summary
-------------
Succeeded: 13 (changed=5)
Failed: 0
-------------
Total states run: 13
[root@localhost files]# pwd
/srv/salt/prod/cluster/files
[root@localhost files]# cat haproxy-outside.cfg
# HAProxy configuration for the outward-facing load balancer; distributed to
# the minions as /etc/haproxy/haproxy.cfg by the cluster.haproxy-outside state.
global
maxconn 100000
# After start-up the process is confined to this directory and runs with the
# uid/gid below. NOTE(review): 99 is presumably the unprivileged "nobody"
# account on these hosts - confirm.
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
# NOTE(review): only connect and client timeouts are set. Without a server
# timeout and an HTTP request timeout (timeout http-request), slow or stalled
# peers can hold connections open and exhaust the proxy.
timeout connect 5000ms
timeout client 50000ms
# Statistics page.
# NOTE(review): the listener is bound to every interface (0.0.0.0) and speaks
# plain HTTP, so the page is reachable from any network that can reach port
# 8888 and the Basic-auth credential below crosses the wire unencrypted.
# Bind it to a management address and/or restrict it by firewall or ACL.
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
# NOTE(review): hard-coded credential. This file lives in the Salt file tree
# and is published with the tutorial, so treat the value as public: supply the
# real one from pillar through a template, rotate it, and keep the rendered
# file readable by root only.
stats auth haproxy:saltstack
frontend frontend_www_example_com
bind 192.168.240.131:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
# The client address is passed to the backends in X-REAL-IP. Backends should
# trust this header only on connections that come from the proxy, because a
# client can send the same header itself.
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 192.168.240.130:8080 check inter 2000 rise 30 fall 15
server web-node2 192.168.240.131:8080 check inter 2000 rise 30 fall 15
[root@localhost cluster]# pwd
/srv/salt/prod/cluster
[root@localhost cluster]# cat haproxy-outside.sls
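# Deploy the outward-facing HAProxy configuration and keep the service
# running. The nesting below restores the YAML structure the state needs
# to load.
include:
  - haproxy.install

haproxy-service:
  # haproxy.cfg carries the statistics page credential (its `stats auth`
  # line), so it is readable by root only. The init script starts and checks
  # haproxy as root, which reads the file before dropping privileges.
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 600
  # Reload (not restart) the service whenever the managed file changes; the
  # init script must already be registered by the haproxy-init command.
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-init
    - watch:
      - file: haproxy-service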
[root@localhost base]# pwd
/srv/salt/base
[root@localhost base]# cat top.sls
base:
'*':
- init.env_init
prod:
'192.168.240.130':
- cluster.haproxy-outside
'192.168.240.131':
- cluster.haproxy-outside
[root@localhost files]# cat haproxy.init
#!/bin/sh
#
# chkconfig: - 85 15
# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
# for high availability environments.
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid
# Script Author: Simon Matter <simon.matter@invoca.ch>
# Version: 2004060600
# Source function library.
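# Load the distribution's init helper library; exit quietly when neither
# location provides it.
if [ -f /etc/init.d/functions ]; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
else
  exit 0
fi

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up. The expansion is quoted so that an unset or
# empty NETWORKING is compared as an empty string instead of making the test
# itself fail with a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# This is our service name: the name the script was invoked under, or the
# name of the link target when it was invoked through a symlink.
# NOTE(review): this name selects the binary and the config file that are run
# as root below, so the script and any symlink to it must be writable by root
# only.
BASENAME=$(basename "$0")
if [ -L "$0" ]; then
  BASENAME=$(find "$0" -name "$BASENAME" -printf %l)
  BASENAME=$(basename "$BASENAME")
fi

# Modified here: the binary lives under the source-install prefix
# /usr/local/haproxy instead of the packaged location.
BIN=/usr/local/haproxy/sbin/$BASENAME

CFG=/etc/$BASENAME/$BASENAME.cfg
[ -f "$CFG" ] || exit 1

PIDFILE=/var/run/$BASENAME.pid
LOCKFILE=/var/lock/subsys/$BASENAME

RETVAL=0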
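#######################################
# Start the proxy after validating its configuration.
# Globals:   BASENAME, BIN, CFG, PIDFILE, LOCKFILE (read), RETVAL (written)
# Outputs:   progress or error message on stdout
# Returns:   1 if the configuration check fails, otherwise the status
#            returned by `daemon`
#######################################
start() {
  # Refuse to start with a configuration the binary itself rejects.
  if ! quiet_check; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi

  echo -n "Starting $BASENAME: "
  # Expansions are quoted so a path containing whitespace stays one argument.
  daemon "$BIN" -D -f "$CFG" -p "$PIDFILE"
  RETVAL=$?
  echo
  # The subsys lock file records a successful start.
  [ "$RETVAL" -eq 0 ] && touch "$LOCKFILE"
  return "$RETVAL"
}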
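#######################################
# Stop the proxy by sending it SIGUSR1 through killproc.
# Globals:   BASENAME, LOCKFILE, PIDFILE (read), RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the status returned by `killproc`
#######################################
stop() {
  echo -n "Shutting down $BASENAME: "
  killproc "$BASENAME" -USR1
  RETVAL=$?
  echo
  # Remove the lock and pid files only when the signal was delivered, so a
  # failed stop leaves the state files describing the still-running process.
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "$LOCKFILE"
    rm -f "$PIDFILE"
  fi
  return "$RETVAL"
}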
#######################################
# Stop and start the proxy, but only when the configuration validates.
# Globals:   BASENAME (read)
# Outputs:   error message on stdout when validation fails
# Returns:   1 if the configuration check fails, otherwise the status of
#            `start` (the status of `stop` is not examined)
#######################################
restart() {
  # Validate first so a broken configuration never takes down a running proxy.
  quiet_check || {
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  }
  stop
  start
}
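#######################################
# Start a new proxy process that takes over from the running one.
# Globals:   BASENAME, BIN, CFG, PIDFILE (read)
# Outputs:   error message on stdout when validation fails
# Returns:   0 when there is no non-empty pidfile, 1 if the configuration
#            check fails, otherwise the status of the new process launch
#######################################
reload() {
  # A missing or empty pidfile means there is nothing to hand over from.
  if ! [ -s "$PIDFILE" ]; then
    return 0
  fi

  if ! quiet_check; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi

  # The pidfile content is deliberately left unquoted: it may list several
  # PIDs and each one has to become its own argument after -sf.
  # NOTE(review): those PIDs are acted on with root privileges, so the pidfile
  # and its directory must be writable by root only.
  # shellcheck disable=SC2046
  "$BIN" -D -f "$CFG" -p "$PIDFILE" -sf $(cat "$PIDFILE")
}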
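#######################################
# Validate the configuration file and report the result verbosely.
# Globals:   BIN, CFG (read)
# Returns:   the exit status of the configuration check
#######################################
check() {
  # Quoted so a path containing whitespace is passed as a single argument.
  "$BIN" -c -q -V -f "$CFG"
}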
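#######################################
# Validate the configuration file without the verbose report; used as a gate
# by the start, restart and reload actions.
# Globals:   BIN, CFG (read)
# Returns:   the exit status of the configuration check
#######################################
quiet_check() {
  # Quoted so a path containing whitespace is passed as a single argument.
  "$BIN" -c -q -f "$CFG"
}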
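#######################################
# Report the service state through the init library's `status` helper.
# Globals:   BASENAME (read)
# Returns:   the status returned by `status`
#######################################
rhstatus() {
  status "$BASENAME"
}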
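#######################################
# Restart the proxy only when its subsys lock file exists.
# Globals:   LOCKFILE (read)
# Returns:   always 0; a failed restart is deliberately not propagated
#######################################
condrestart() {
  # Quoting matters here: an empty or whitespace-containing LOCKFILE must be
  # tested as one path instead of changing the meaning of the test.
  if [ -e "$LOCKFILE" ]; then
    restart || :
  fi
}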
# See how we were called.
# Dispatch on the action given as the first argument. Only the literal action
# names below are accepted; anything else prints the usage line and exits 1.
case "$1" in
  start)       start ;;
  stop)        stop ;;
  restart)     restart ;;
  reload)      reload ;;
  condrestart) condrestart ;;
  status)      rhstatus ;;
  check)       check ;;
  *)
    echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
    exit 1
    ;;
esac

# Hand the status of the selected action back to the caller.
exit $?
[root@localhost ~]# salt '*' state.highstate test=True
[root@localhost files]# salt '*' state.highstate
192.168.240.130:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 16:35:03.443126
Duration: 48.101 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: File /etc/profile is in correct state
Started: 16:35:03.491434
Duration: 4.796 ms
Changes:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: File /etc/bashrc is in correct state
Started: 16:35:03.496467
Duration: 13.05 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Sysctl value vm.swappiness = 0 is already set
Started: 16:35:03.511323
Duration: 77.236 ms
Changes:
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set
Started: 16:35:03.588869
Duration: 67.701 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Sysctl value fs.file-max = 10000 is already set
Started: 16:35:03.656870
Duration: 65.108 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 16:35:04.238573
Duration: 647.308 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 16:35:04.886188
Duration: 1.064 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: Package openssl is already installed.
Started: 16:35:04.887613
Duration: 0.722 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: Package openssl-devel is already installed.
Started: 16:35:04.888447
Duration: 0.557 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 16:35:04.889158
Duration: 0.463 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 16:35:04.889704
Duration: 0.648 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 16:35:04.890510
Duration: 0.684 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.6.2.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state
Started: 16:35:04.891378
Duration: 13.058 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless execution succeeded
Started: 16:35:04.906702
Duration: 8.296 ms
Changes:
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 16:35:04.915827
Duration: 5.704 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless execution succeeded
Started: 16:35:04.922560
Duration: 24.861 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 16:35:04.948053
Duration: 32.289 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: Directory /etc/haproxy is in the correct state
Started: 16:35:04.980629
Duration: 4.732 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg is in the correct state
Started: 16:35:04.985550
Duration: 3.79 ms
Changes:
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: Service haproxy is already enabled, and is in the desired state
Started: 16:35:04.992417
Duration: 52.617 ms
Changes:
Summary
-------------
Succeeded: 21
Failed: 0
-------------
Total states run: 21
192.168.240.131:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 16:35:03.520359
Duration: 47.809 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: File /etc/profile is in correct state
Started: 16:35:03.568403
Duration: 4.649 ms
Changes:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: File /etc/bashrc is in correct state
Started: 16:35:03.573241
Duration: 6.758 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Sysctl value vm.swappiness = 0 is already set
Started: 16:35:03.581378
Duration: 93.423 ms
Changes:
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set
Started: 16:35:03.675126
Duration: 84.678 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Sysctl value fs.file-max = 10000 is already set
Started: 16:35:03.760214
Duration: 55.399 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 16:35:04.331800
Duration: 668.208 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 16:35:05.000254
Duration: 0.607 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: Package openssl is already installed.
Started: 16:35:05.000970
Duration: 0.363 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: Package openssl-devel is already installed.
Started: 16:35:05.001450
Duration: 0.354 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 16:35:05.001886
Duration: 0.531 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 16:35:05.002563
Duration: 0.342 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 16:35:05.003026
Duration: 0.335 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.6.2.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state
Started: 16:35:05.003481
Duration: 14.905 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless execution succeeded
Started: 16:35:05.022058
Duration: 9.325 ms
Changes:
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 16:35:05.032195
Duration: 4.525 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless execution succeeded
Started: 16:35:05.037914
Duration: 25.515 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 16:35:05.063804
Duration: 36.982 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: Directory /etc/haproxy is in the correct state
Started: 16:35:05.101099
Duration: 1.133 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg is in the correct state
Started: 16:35:05.102335
Duration: 3.273 ms
Changes:
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: Service haproxy is already enabled, and is in the desired state
Started: 16:35:05.107174
Duration: 52.191 ms
Changes:
Summary
-------------
Succeeded: 21
Failed: 0
-------------
Total states run: 21
[root@localhost files]# salt '*' state.highstate
192.168.240.130:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 16:49:26.242598
Duration: 34.161 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: File /etc/profile is in correct state
Started: 16:49:26.276902
Duration: 7.06 ms
Changes:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: File /etc/bashrc is in correct state
Started: 16:49:26.284179
Duration: 7.85 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Sysctl value vm.swappiness = 0 is already set
Started: 16:49:26.295710
Duration: 79.619 ms
Changes:
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set
Started: 16:49:26.375669
Duration: 73.283 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Sysctl value fs.file-max = 10000 is already set
Started: 16:49:26.449247
Duration: 59.719 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 16:49:26.980957
Duration: 635.706 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 16:49:27.616998
Duration: 0.935 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: Package openssl is already installed.
Started: 16:49:27.618036
Duration: 0.41 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: Package openssl-devel is already installed.
Started: 16:49:27.618537
Duration: 0.374 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 16:49:27.618996
Duration: 0.452 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 16:49:27.619570
Duration: 0.469 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 16:49:27.620128
Duration: 0.574 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.6.2.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state
Started: 16:49:27.620893
Duration: 12.929 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless execution succeeded
Started: 16:49:27.636697
Duration: 7.011 ms
Changes:
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 16:49:27.644413
Duration: 4.295 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless execution succeeded
Started: 16:49:27.649913
Duration: 25.646 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 16:49:27.676179
Duration: 38.169 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: Directory /etc/haproxy is in the correct state
Started: 16:49:27.714791
Duration: 1.948 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg updated
Started: 16:49:27.716952
Duration: 171.687 ms
Changes:
----------
diff:
---
+++
@@ -17,7 +17,7 @@
listen stats
mode http
-bind 0.0.0.0:80
+bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth /haproxy:saltstack
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: Service reloaded
Started: 16:49:27.940010
Duration: 85.912 ms
Changes:
----------
haproxy:
True
Summary
-------------
Succeeded: 21 (changed=2)
Failed: 0
-------------
Total states run: 21
192.168.240.131:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 16:49:26.273403
Duration: 34.759 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: File /etc/profile is in correct state
Started: 16:49:26.308289
Duration: 3.857 ms
Changes:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: File /etc/bashrc is in correct state
Started: 16:49:26.312369
Duration: 6.498 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Sysctl value vm.swappiness = 0 is already set
Started: 16:49:26.320161
Duration: 93.782 ms
Changes:
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set
Started: 16:49:26.414267
Duration: 80.238 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Sysctl value fs.file-max = 10000 is already set
Started: 16:49:26.494800
Duration: 65.963 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 16:49:27.058506
Duration: 619.304 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 16:49:27.678108
Duration: 0.912 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: Package openssl is already installed.
Started: 16:49:27.679150
Duration: 0.509 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: Package openssl-devel is already installed.
Started: 16:49:27.679800
Duration: 0.368 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 16:49:27.680273
Duration: 0.366 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 16:49:27.680725
Duration: 0.585 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 16:49:27.681453
Duration: 0.556 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.6.2.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state
Started: 16:49:27.682149
Duration: 13.432 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless execution succeeded
Started: 16:49:27.697904
Duration: 9.342 ms
Changes:
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 16:49:27.708171
Duration: 5.761 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless execution succeeded
Started: 16:49:27.715023
Duration: 21.617 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 16:49:27.737044
Duration: 43.922 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: Directory /etc/haproxy is in the correct state
Started: 16:49:27.781328
Duration: 1.387 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg updated
Started: 16:49:27.782889
Duration: 189.272 ms
Changes:
----------
diff:
---
+++
@@ -17,7 +17,7 @@
listen stats
mode http
-bind 0.0.0.0:80
+bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth /haproxy:saltstack
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: Service reloaded
Started: 16:49:28.044191
Duration: 80.338 ms
Changes:
----------
haproxy:
True
Summary
-------------
Succeeded: 21 (changed=2)
Failed: 0
-------------
Total states run: 21

业务模块
[root@localhost src]# wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz
./configure --prefix=/usr/local/keepalived --disable-fwmark
[root@localhost etc]# pwd
/usr/local/src/keepalived-1.2.19/keepalived/etc
[root@localhost etc]# mkdir /srv/salt/prod/keepalived
[root@localhost etc]# mkdir /srv/salt/prod/keepalived/files
[root@localhost etc]# cp init.d/keepalived.init /srv/salt/prod/keepalived/files/
[root@localhost etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
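#######################################
# Start keepalived from the source-install prefix.
# Globals:   prog, KEEPALIVED_OPTIONS (read), RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   non-zero when `daemon` fails, otherwise the status of creating
#            the subsys lock file
#######################################
start() {
  echo -n $"Starting $prog: "
  # KEEPALIVED_OPTIONS is deliberately unquoted: it holds several options
  # that must be split into separate arguments.
  # shellcheck disable=SC2086
  daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
  RETVAL=$?
  echo
  # The subsys lock file records a successful start.
  [ "$RETVAL" -eq 0 ] && touch "/var/lock/subsys/$prog"
}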
[root@localhost sysconfig]# pwd
/usr/local/keepalived/etc/sysconfig
[root@localhost sysconfig]# cp keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig
[root@localhost keepalived]# pwd
/srv/salt/prod/keepalived
[root@localhost keepalived]# cat install.sls
include:
- pkg.pkg-init
keepalived-install:
file.managed:
- name: /usr/local/src/keepalived-1.2.19.tar.gz
- source: salt://keepalived/files/keepalived-1.2.19.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require:
- pkg: pkg-init
- file: keepalived-install
[root@localhost keepalived]# vim install.sls
[root@localhost keepalived]# ls
files install.sls
[root@localhost keepalived]# cd files/
[root@localhost files]# ls
keepalived.conf keepalived.init keepalived.sysconfig
[root@localhost files]# cp /usr/local/src/keepalived-1.2.19.tar.gz .
[root@localhost files]# ls
keepalived-1.2.19.tar.gz keepalived.conf keepalived.init keepalived.sysconfig
[root@localhost files]# cd ..
[root@localhost keepalived]# ls
files install.sls
[root@localhost keepalived]# pwd
/srv/salt/prod/keepalived
[root@localhost keepalived]# cat install.sls
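# Install keepalived 1.2.19 from a source tarball and register its init
# script, sysconfig file and configuration directory. The nesting below
# restores the YAML structure the state needs to load.
include:
  - pkg.pkg-init

keepalived-install:
  # Copy the source archive from the master's file server to the minion.
  # NOTE(review): this archive is configured, compiled and installed as root
  # on every targeted minion. Verify it against the checksum or signature
  # published upstream before placing it under keepalived/files/, especially
  # if it was fetched over plain HTTP.
  # NOTE(review): a source archive does not need the execute bit; mode 644
  # would be sufficient.
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    - mode: 755
  # Unpack, configure, build and install under /usr/local/keepalived.
  # NOTE(review): the `unless` guard only tests that the directory exists, so
  # a build that failed part-way, or a replaced tarball, is never rebuilt.
  cmd.run:
    - name: cd /usr/local/src/ && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install

keepalived-init:
  # The init script is executed as root, so it stays root-owned and not
  # writable by group or others.
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  # Register the service with chkconfig unless it is already listed.
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: keepalived-init

# Options file read by the init script (KEEPALIVED_OPTIONS).
/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644

# Directory that will hold keepalived.conf.
/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755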
[root@localhost keepalived]# salt '*' state.sls keepalived.install env=prod
SaltStack配置管理-业务引用keepalived
[root@localhost files]# pwd
/srv/salt/prod/cluster/files
[root@localhost files]# cat haproxy-outside-keepalived.conf
! Configuration File for keepalived
! Jinja template: the ROUTEID, STATEID and PRIORITYID placeholders are meant
! to be filled in per node by the state that deploys this file.
global_defs {
notification_email {
saltstack@example.com
}
notification_email_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}}
}
vrrp_instance haproxy_ha {
state {{STATEID}}
interface eth0
virtual_router_id 36
priority {{PRIORITYID}}
advert_int 1
! NOTE(review): PASS authentication sends the password in clear text in every
! VRRP advertisement, and "1111" is a trivially guessable, hard-coded value.
! Any host on the segment can read it and advertise a higher priority to take
! over the virtual address. Supply a per-cluster secret from pillar, keep the
! rendered file readable by root only, and restrict VRRP traffic to the peer
! nodes at the network layer.
authentication {
auth_type PASS
auth_pass 1111
}
! NOTE(review): this virtual address is the same address the page uses for
! the second node itself; confirm that the VIP is a dedicated address that is
! not assigned to either host.
virtual_ipaddress {
192.168.240.131
}
}
[root@localhost cluster]# pwd
/srv/salt/prod/cluster
[root@localhost cluster]# cat haproxy-outside-keepalived.sls
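# Deploy the keepalived configuration for the HAProxy pair and keep the
# service running. The nesting below restores the YAML structure the state
# needs to load.
include:
  - keepalived.install

keepalived-service:
  # The option that turns on rendering is `template` (singular). With the
  # misspelled `templates` key the file is copied verbatim and the ROUTEID,
  # STATEID and PRIORITYID placeholders reach keepalived unrendered.
  # The rendered file holds the VRRP auth_pass, so it is readable by root only
  # (keepalived runs as root).
  # NOTE(review): the branches compare the fqdn grain with IP addresses. If a
  # minion's fqdn grain is a host name, neither branch matches and the
  # placeholders stay undefined; confirm what the grain returns on these
  # hosts, or match on the minion id instead.
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    - mode: 600
    - template: jinja
    {% if grains['fqdn'] == '192.168.240.130' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == '192.168.240.131' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  # Restart keepalived whenever the managed configuration changes.
  service.running:
    - name: keepalived
    - enable: True
    - watch:
      - file: keepalived-service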
[root@localhost cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prod
[root@localhost base]# pwd
/srv/salt/base
[root@localhost base]# cat top.sls
base:
'*':
- init.env_init
prod:
'192.168.240.130':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'192.168.240.131':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
[root@localhost base]# salt '*' state.highstate
saltstack增加zabbix
[root@localhost init]# pwd
/srv/salt/base/init
[root@localhost init]# cat zabbix_agent.sls
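# Install the Zabbix agent, render its configuration from pillar data and keep
# the service running. The nesting below restores the YAML structure the state
# needs to load.
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  # The Server value decides which hosts the agent accepts requests from, so
  # it comes from pillar rather than being hard-coded in the template. Keep
  # the pillar value limited to the real Zabbix server address(es).
  # The requisite key is written `- require:` (with the space after the dash);
  # without the space the line is not a list item and the state fails to parse.
  # NOTE(review): the template was copied from /etc/zabbix/zabbix_agentd.conf
  # but is written to /etc/zabbix_agentd.conf; confirm which path the
  # installed agent actually reads.
  # NOTE(review): no owner or mode is set, so the file keeps whatever
  # ownership and permissions it already has on the minion.
  file.managed:
    - name: /etc/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
    - require:
      - pkg: zabbix-agent-install
  # Restart the agent when the package or its configuration changes.
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install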

[root@localhost base]# pwd
/srv/pillar/base
[root@localhost base]# cat top.sls
base:
'*':
- zabbix
[root@localhost files]# pwd
/srv/salt/base/init/files
cp /etc/zabbix/zabbix_agentd.conf .
修改:Server={{ Server }}
[root@localhost init]# cat env_init.sls
include:
- init.dns
- init.history
- init.audit
- init.sysctl
- init.zabbix_agent
[root@localhost init]# salt '*' state.highstate
源码:
https://github.com/unixhot/saltbook-code