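SaltStack Basics - 04 states component
I. States files
- The core of Salt states is the SLS file, which uses YAML syntax to define key/value data.
- The root path for SLS files is set by file_roots in the master configuration file. The default is /srv/salt; if it does not exist, create it manually.
- In Salt, salt:// stands for the root path; for example, salt://top.sls refers to /srv/salt/top.sls.
- The top file for states is also defined in the master configuration file. The default is top.sls, and it is the entry point for states.
- By default, salt-master reads top.sls from the directory specified by file_roots. This is controlled by state_top: top.sls in the master configuration file.
1.1 Defining top.sls and SLS files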
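```
### The master configuration file defines three environments. Each environment can list several directories, but avoid conflicts between them.
[root@cl-server salt]# vi /etc/salt/master
file_roots:
  base:
    - /application/salt
  prod:
    - /application/salt/prod
  test:
    - /application/salt/test

[root@cl-server salt]# cat top.sls
base:            ### Line 1: declare the base environment
  '*':           ### Line 2: define the target; here it matches every minion
    - apache     ### Line 3: declare which states directories to use; Salt looks for init.sls in each directory.
```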
```
### A simple SLS file:
[root@cl-server salt]# pwd
/application/salt
[root@cl-server salt]# cat apache/init.sls
apache:                # 1
  pkg.installed:       # 2
    - names:           # 3
      - httpd          # 4
  service.running:     # 5
    - require:         # 6
      - pkg: apache    # 7
```
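Line 1 is the ID declaration. The ID declaration gives the name of the thing being managed.
Lines 2 and 5 are state declarations; they use the pkg and service states respectively. The pkg state manages packages through the system package manager, and the service state manages system services (daemons).
Under pkg and service are the functions to run. A function defines what should happen to the package or service: here, the package should be installed and the service should be running.
Line 6 uses require. This is called a requisite statement: the apache service is started only after the apache package has been installed successfully.
1.2 Running state.highstate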
```
### This command makes the minion download top.sls and the states it references from the master, then compile and execute them. When it finishes, the minion reports a summary of the results to the master.
[root@cl-server salt]# salt 'cl-node02' state.highstate
[root@cl-server salt]# salt 'cl-node02' state.highstate test=True
cl-node02:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: None
     Comment: The following packages would be installed/updated: httpd
     Started: 17:38:09.549432
    Duration: 751.19 ms
     Changes:
----------
          ID: apache
    Function: service.running
      Result: None
     Comment: Service apache not present; if created in this state run, it would have been started
     Started: 17:38:10.301490
    Duration: 21.253 ms
     Changes:

Summary for cl-node02
------------
Succeeded: 2 (unchanged=2)
Failed:    0
------------
Total states run:     2
Total run time: 772.443 ms
```
II. Deploying services with SLS
2.1 Running states files in the base environment
```
[root@cl-server salt]# mkdir prod test init
[root@cl-server salt]# cd init/
[root@cl-server init]# tree
.
├── audit.sls
├── dns.sls
├── env_init.sls
├── files
│   └── resolv.conf
├── history.sls
└── sysctl.sls

1 directory, 6 files
```
```
[root@cl-server init]# cat dns.sls
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: 644
```
```
[root@cl-server init]# cat history.sls
etc_profile_append_time:
  file.append:
    - name: /etc/profile
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami`"

[root@cl-server init]# cat audit.sls
etc_bashrc_log:
  file.append:
    - name: /etc/bashrc
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'

[root@cl-server init]# cat sysctl.sls
vm.swappiness:
  sysctl.present:
    - value: 0
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 1024 65000
fs.file-max:
  sysctl.present:
    - value: 100000

[root@cl-server init]# cat env_init.sls
include:
  - init.dns
  - init.history
  - init.sysctl
#  - init.audit

### base is the label under file_roots in /etc/salt/master: Salt finds the directory mapped to base, then runs init.env_init on the targeted servers.
[root@cl-server salt]# cat top.sls
base:
  '*':
    - init.env_init

[root@cl-server salt]# salt 'cl-node03' state.highstate test=True
[root@cl-server salt]# salt 'cl-node03' state.highstate
```
2.2 Running state files in the prod environment
```
[root@cl-server prod]# tree
.
├── haproxy
│   ├── files
│   │   ├── haproxy-2.4.4.tar.gz
│   │   └── haproxy.init
│   └── install.sls
└── pkg
    └── pkg-init.sls

3 directories, 4 files
[root@cl-server salt]# salt 'cl-node03' state.sls haproxy.install saltenv=prod test=True
```
```
[root@cl-server haproxy]# cat install.sls
include:
  - pkg.pkg-init    # relative path, relative to /application/salt/prod

haproxy-install:
  file.managed:     # the line above is the ID
    - source: salt://haproxy/files/haproxy-2.4.4.tar.gz
    - name: /usr/local/src/haproxy-2.4.4.tar.gz    # name declaration; without a separate ID, the name can be put in the ID position
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar xf haproxy-2.4.4.tar.gz && cd haproxy-2.4.4 && make TARGET=linux-glibc PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:                    # declare dependencies
      - pkg: pkg-init             # depends on the pkg state with ID pkg-init; it must succeed before this state runs
      - file: haproxy-install     # depends on the file state with ID haproxy-install

haproxy-init:
  file.managed:
    - source: salt://haproxy/files/haproxy.init
    - name: /etc/init.d/haproxy
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list |grep haproxy
    - require:
      - file: haproxy-init

net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755
```
```
[root@cl-server prod]# tree
.
├── cluster
│   ├── files
│   │   └── haproxy-outside.cfg
│   └── haproxy-outside.sls
├── haproxy
│   ├── files
│   │   ├── haproxy-2.4.4.tar.gz
│   │   └── haproxy.init
│   └── install.sls
└── pkg
    └── pkg-init.sls
```
```
[root@cl-server prod]# cat cluster/haproxy-outside.sls
include:
  - haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: haproxy
    - enable: True     # start the service at boot
    - reload: True     # reload on change; without it, a configuration change restarts the service
    - require:
      - cmd: haproxy-init
    - watch:
      - file: haproxy-service    # watch the file; reload when it changes
```
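The require and watch entries in sections 1.1 and 2.2 each name a state module and an ID (or name) that must exist somewhere in the rendered states. The following added example, which is not code from the original page or from Salt, checks that every such reference resolves; the dict is constructed from the two haproxy SLS files above, and pkg.installed for pkg-init is an assumption because pkg/pkg-init.sls is not shown.

```python
# Constructed from haproxy/install.sls and cluster/haproxy-outside.sls above,
# as {ID: {"module.function": [arguments]}}; only requisite-relevant arguments kept.
SLS = {
    "pkg-init": {"pkg.installed": []},  # assumed: file body is not shown on the page
    "haproxy-install": {
        "file.managed": [{"name": "/usr/local/src/haproxy-2.4.4.tar.gz"}],
        "cmd.run": [{"require": [{"pkg": "pkg-init"}, {"file": "haproxy-install"}]}],
    },
    "haproxy-init": {
        "file.managed": [{"name": "/etc/init.d/haproxy"},
                         {"require": [{"cmd": "haproxy-install"}]}],
        "cmd.run": [{"name": "chkconfig --add haproxy"},
                    {"require": [{"file": "haproxy-init"}]}],
    },
    "haproxy-service": {
        "file.managed": [{"name": "/etc/haproxy/haproxy.cfg"}],
        "service.running": [{"name": "haproxy"},
                            {"require": [{"cmd": "haproxy-init"}]},
                            {"watch": [{"file": "haproxy-service"}]}],
    },
}

def index_states(sls):
    """Map (state module, ID or name) -> ID that declares it."""
    known = {}
    for state_id, body in sls.items():
        for declaration, args in body.items():
            module = declaration.split(".")[0]
            known[(module, state_id)] = state_id
            for arg in args:
                if "name" in arg:
                    known[(module, arg["name"])] = state_id
    return known

def dangling_requisites(sls):
    """Return (ID, declaration, requisite, reference) for references that match nothing."""
    known, missing = index_states(sls), []
    for state_id, body in sls.items():
        for declaration, args in body.items():
            for arg in args:
                for requisite in ("require", "watch"):
                    for ref in arg.get(requisite, []):
                        (module, target), = ref.items()
                        if (module, target) not in known:
                            missing.append((state_id, declaration, requisite,
                                            f"{module}: {target}"))
    return missing

if __name__ == "__main__":
    print(dangling_requisites(SLS) or "all requisites resolve")
```

Dropping the include of pkg.pkg-init, or writing the wrong state module in a reference, shows up here as a dangling entry.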
2.3 Specifying the state files for each environment in the top file
```
[root@cl-server salt]# cat top.sls
base:
  '*':
    - init.env_init
prod:
  'cl-node01':
    - cluster.haproxy-outside

[root@cl-server salt]# salt '*' state.highstate test=True
```
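How this top file and the file_roots from section 1.1 turn into files on the master, as an added example that is not part of the original page or of Salt's code: it assumes glob targets only (the top file default) and models the lookup order of name.sls before name/init.sls. It also shows why the page warns about conflicts: the base root contains prod/ as a subdirectory, so two different names reach the same file.

```python
from fnmatch import fnmatchcase
import posixpath

# Constructed from the page: file_roots in /etc/salt/master and the top.sls of section 2.3.
FILE_ROOTS = {
    "base": ["/application/salt"],
    "prod": ["/application/salt/prod"],
    "test": ["/application/salt/test"],
}
TOP = {
    "base": {"*": ["init.env_init"]},
    "prod": {"cl-node01": ["cluster.haproxy-outside"]},
}

def sls_for_minion(top, minion_id):
    """Return [(saltenv, SLS name)] for every target glob that matches the minion ID."""
    matched = []
    for saltenv, targets in top.items():
        for target, sls_names in targets.items():
            if fnmatchcase(minion_id, target):
                matched.extend((saltenv, name) for name in sls_names)
    return matched

def candidate_paths(file_roots, saltenv, sls_name):
    """Files tried for an SLS name: <root>/a/b.sls first, then <root>/a/b/init.sls."""
    rel = sls_name.replace(".", "/")  # dots in an SLS name are directory separators
    roots = file_roots.get(saltenv, [])
    return ([posixpath.join(r, rel + ".sls") for r in roots]
            + [posixpath.join(r, rel, "init.sls") for r in roots])

def overlapping_names(file_roots, env_a, sls_a, env_b, sls_b):
    """True when two (saltenv, SLS name) pairs can resolve to the same file."""
    return bool(set(candidate_paths(file_roots, env_a, sls_a))
                & set(candidate_paths(file_roots, env_b, sls_b)))

if __name__ == "__main__":
    for env, name in sls_for_minion(TOP, "cl-node01"):
        print(env, name, candidate_paths(FILE_ROOTS, env, name)[0])
    # The prod states are also reachable from base under a prod. prefix.
    print(overlapping_names(FILE_ROOTS, "base", "prod.haproxy.install",
                            "prod", "haproxy.install"))
```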
III. State file examples
3.1 Installing httpd
```
### Install and start httpd
[root@cl-server httpd]# cat install.sls
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  service.running:
    - name: httpd
    - enable: True
    - reload: True

### Push and apply:
[root@cl-server httpd]# salt cl-node01 state.sls httpd.install

### Manage the initial httpd configuration file
[root@cl-server httpd]# cat install.sls
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: httpd-install
```
3.2 Installing Nginx
```
### Compile and install Nginx
[root@cl-server nginx]# tree
.
├── files
│   ├── nginx
│   ├── nginx-1.18.0.tar.gz
│   ├── nginx.conf
│   └── nginx.service
├── install.sls
├── pkgs
│   └── make.sls
└── service.sls

### Build and install states
[root@cl-server nginx]# cat pkgs/make.sls
make-gss:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl-devel
      - gcc

[root@cl-server nginx]# cat install.sls
include:
  - nginx.pkgs.make

nginx_install:
  file.managed:
    - name: /root/nginx-1.18.0.tar.gz
    - source: salt://nginx/files/nginx-1.18.0.tar.gz
  cmd.run:
    - name: cd /root/ && tar zxf nginx-1.18.0.tar.gz && cd nginx-1.18.0 && ./configure --prefix=/application/nginx --with-file-aio --with-threads --with-http_ssl_module --with-http_stub_status_module &> /dev/null && make &>/dev/null && make install &>/dev/null
    - creates: /application/nginx

### State that creates the service user
[root@cl-server salt]# cat users/nginx.sls
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

nginx-user:
  user.present:
    - name: nginx
    - uid: 800
    - gid: 800
    - shell: /sbin/nologin
    - createhome: False
    - home: /application/nginx

### Service start state
[root@cl-server nginx]# cat service.sls
include:
  - nginx.install
  - users.nginx

/application/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755
  service.running:
    - name: nginx
    - reload: True
    - watch:
      - file: /application/nginx/conf/nginx.conf

### Push and apply
[root@cl-server nginx]# salt cl-node02 state.sls nginx.service
```
3.3 Installing HAProxy
```
### Install HAProxy
[root@cl-server haproxy]# cat install.sls
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: haproxy-install
```
3.4 Installing all three services at once with the top file
```
### Create top.sls under /application/salt
[root@cl-server salt]# vi top.sls
base:
  'cl-node01':
    - httpd.install
  'cl-node02':
    - nginx.service
  'cl-server':
    - haproxy.install

[root@cl-server salt]# salt '*' state.highstate
```