
SaltStack Basics - 04 states component

1. States files

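  • The core of Salt states is the sls file, which uses YAML syntax to define key/value data.
  • The root path for sls files is set by file_roots in the master configuration file and defaults to /srv/salt; if the directory does not exist, create it manually.
    • Within Salt, salt:// stands for the root path; for example, salt://top.sls refers to /srv/salt/top.sls.
    • The top file for states is also set in the master configuration file and defaults to top.sls; it is the entry file for states.
      • By default salt-master reads top.sls from the directory configured under file_roots. This is controlled by state_top: top.sls in the master configuration file.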

1.1 Defining top.sls and sls files

        ### The master configuration file defines three environments; each environment can list several directories, but avoid conflicts between them.
        [root@cl-server salt]# vi /etc/salt/master
        file_roots:
          base:
            - /application/salt
          prod:
            - /application/salt/prod
          test:
            - /application/salt/test
        
        [root@cl-server salt]# cat top.sls 
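        base:                  ### line 1: declares that the base environment is used
          '*':                 ### line 2: defines the target; here it matches all minions
            - apache           ### line 3: declares which states directories to use; Salt looks for init.sls in each directory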

         

        ### A simple sls file:
        [root@cl-server salt]# pwd
        /application/salt
        [root@cl-server salt]# cat apache/init.sls
        apache:                   # 1
          pkg.installed:      # 2
            - names:              # 3
              - httpd             # 4
          service.running:        # 5
            - require:            # 6
              - pkg: apache       # 7

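Line 1 is the ID declaration. The ID declaration gives the name of the thing being managed.

Lines 2 and 5 are state declarations; they use the pkg and service states respectively. The pkg state manages key packages through the system package manager, and the service state manages system services (daemons).

Under the pkg and service entries are the functions to run. A function defines what should happen to the package or service: here the package should be installed and the service should be running.

Line 6 uses require. This is called a requisite statement; it means the apache service is started only after the apache package has been installed successfully.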

         

1.2 Running state.highstate

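        ### The state.highstate command makes the minion download top.sls and the states it lists from the master, then compile and execute them. When execution finishes, the minion reports a summary of the results to the master.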
        [root@cl-server salt]# salt 'cl-node02' state.highstate 
        
        [root@cl-server salt]# salt 'cl-node02' state.highstate test=True
        cl-node02:
        ----------
                  ID: apache
            Function: pkg.installed
                Name: httpd
              Result: None
             Comment: The following packages would be installed/updated: httpd
             Started: 17:38:09.549432
            Duration: 751.19 ms
             Changes:   
        ----------
                  ID: apache
            Function: service.running
              Result: None
             Comment: Service apache not present; if created in this state run, it would have been started
             Started: 17:38:10.301490
            Duration: 21.253 ms
             Changes:   
        
        Summary for cl-node02
        ------------
        Succeeded: 2 (unchanged=2)
        Failed:    0
        ------------
        Total states run:     2
        Total run time: 772.443 ms
        

          

2. Deploying services with sls

2.1 Running state files in the base environment

        [root@cl-server salt]# mkdir prod test init
        [root@cl-server salt]# cd init/
        [root@cl-server init]# tree
        .
        ├── audit.sls
        ├── dns.sls
        ├── env_init.sls
        ├── files
        │   └── resolv.conf
        ├── history.sls
        └── sysctl.sls
        
        1 directory, 6 files
        

          

        [root@cl-server init]# cat dns.sls 
        /etc/resolv.conf:
          file.managed:
            - source: salt://init/files/resolv.conf
            - user: root
            - group: root
            - mode: 644
        [root@cl-server init]# cat history.sls
        etc_profile_append_time:
          file.append:
            - name: /etc/profile
            - text:
              - export HISTTIMEFORMAT="%F %T `whoami`"

        [root@cl-server init]# cat audit.sls
        etc_bashrc_log:
          file.append:
            - name: /etc/bashrc
            - text:
              - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'

        [root@cl-server init]# cat sysctl.sls
        vm.swappiness:
          sysctl.present:
            - value: 0
        net.ipv4.ip_local_port_range:
          sysctl.present:
            - value: 1024 65000
        fs.file-max:
          sysctl.present:
            - value: 100000

        [root@cl-server init]# cat env_init.sls
        include:
          - init.dns
          - init.history
          - init.sysctl
          # - init.audit

        ### base corresponds to the label under file_roots in /etc/salt/master: Salt finds the directory for base, then runs init.env_init on the targeted servers
        [root@cl-server salt]# cat top.sls
        base:
          '*':
            - init.env_init

        [root@cl-server salt]# salt 'cl-node03' state.highstate test=True
        [root@cl-server salt]# salt 'cl-node03' state.highstate

          

2.2 Running state files in the prod environment

        [root@cl-server prod]# tree
        .
        ├── haproxy
        │   ├── files
        │   │   ├── haproxy-2.4.4.tar.gz
        │   │   └── haproxy.init
        │   └── install.sls
        └── pkg
            └── pkg-init.sls
        
        3 directories, 4 files
        
        [root@cl-server salt]# salt 'cl-node03' state.sls haproxy.install saltenv=prod test=True
        

          

        [root@cl-server haproxy]# cat install.sls 
        include:
          - pkg.pkg-init                                           # relative path, relative to /application/salt/prod
        
        haproxy-install:                                           # ID declaration
          file.managed:
            - source: salt://haproxy/files/haproxy-2.4.4.tar.gz
            - name: /usr/local/src/haproxy-2.4.4.tar.gz            # name declaration; without a separate ID, the name can be placed in the ID position
            - user: root
            - group: root
            - mode: 755
          cmd.run:
            - name: cd /usr/local/src && tar xf haproxy-2.4.4.tar.gz &&
                    cd haproxy-2.4.4 && make TARGET=linux-glibc PREFIX=/usr/local/haproxy &&
                    make install PREFIX=/usr/local/haproxy
            - unless: test -d /usr/local/haproxy
            - require:                           # declare dependencies
              - pkg: pkg-init                    # depends on the pkg state with ID pkg-init; it must succeed before this state runs
              - file: haproxy-install            # depends on the file state with ID haproxy-install
        
        haproxy-init:
          file.managed:
            - source: salt://haproxy/files/haproxy.init
            - name: /etc/init.d/haproxy
            - user: root
            - group: root
            - mode: 755
            - require:
              - cmd: haproxy-install
          cmd.run:
            - name: chkconfig --add haproxy
            - unless: chkconfig --list |grep haproxy
            - require:
              - file: haproxy-init
        
        net.ipv4.ip_nonlocal_bind:
          sysctl.present:
            - value: 1
        
        haproxy-config-dir:
          file.directory:
            - name: /etc/haproxy
            - user: root
            - group: root
            - mode: 755
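
The require entries in install.sls above form a dependency graph over (state module, ID) pairs, as the requisite statement in 1.1 describes. The following is an added example, not code from the original post or from Salt: it rebuilds that graph from the rendered form of the file, reports requisites that point at nothing, and derives one valid run order. It matches requisites by ID only, and the pkg-init entry and the function names are assumptions, since pkg/pkg-init.sls is not shown.

```python
from graphlib import TopologicalSorter

# Constructed input: install.sls from this section in the dict form Salt works
# with after YAML rendering, trimmed to the arguments that matter here.
# "pkg-init" is an assumed stand-in for the included pkg/pkg-init.sls.
SLS = {
    "pkg-init": {"pkg.installed": []},
    "haproxy-install": {
        "file.managed": [{"name": "/usr/local/src/haproxy-2.4.4.tar.gz"}],
        "cmd.run": [
            {"unless": "test -d /usr/local/haproxy"},
            {"require": [{"pkg": "pkg-init"}, {"file": "haproxy-install"}]},
        ],
    },
    "haproxy-init": {
        "file.managed": [
            {"name": "/etc/init.d/haproxy"},
            {"require": [{"cmd": "haproxy-install"}]},
        ],
        "cmd.run": [
            {"name": "chkconfig --add haproxy"},
            {"require": [{"file": "haproxy-init"}]},
        ],
    },
}


def dependency_graph(sls):
    """Map every (module, ID) pair to the pairs its require/watch entries name."""
    graph = {}
    for state_id, declarations in sls.items():
        for func, args in declarations.items():
            deps = set()
            for arg in args:
                for key in ("require", "watch"):
                    for ref in arg.get(key, []):
                        deps.update(ref.items())  # {"pkg": "pkg-init"} -> ("pkg", "pkg-init")
            graph[(func.split(".")[0], state_id)] = deps
    return graph


def unresolved(graph):
    """Requisites that name a (module, ID) pair no state defines."""
    return sorted({dep for deps in graph.values() for dep in deps if dep not in graph})


def run_order(graph):
    """One order that satisfies every requisite; raises CycleError on a loop."""
    return list(TopologicalSorter(graph).static_order())
```

Dropping the pkg-init entry from SLS makes unresolved() return [("pkg", "pkg-init")], the kind of dangling reference that otherwise only surfaces when the state is run on a minion.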
        

          

        [root@cl-server prod]# tree
        .
        ├── cluster
        │   ├── files
        │   │   └── haproxy-outside.cfg
        │   └── haproxy-outside.sls
        ├── haproxy
        │   ├── files
        │   │   ├── haproxy-2.4.4.tar.gz
        │   │   └── haproxy.init
        │   └── install.sls
        └── pkg
            └── pkg-init.sls
        

          

        [root@cl-server prod]# cat cluster/haproxy-outside.sls 
        include:
          - haproxy.install
        
        haproxy-service:
          file.managed:
            - name: /etc/haproxy/haproxy.cfg
            - source: salt://cluster/files/haproxy-outside.cfg
            - user: root
            - group: root
            - mode: 644
          service.running:
            - name: haproxy
            - enable: True                 # start the service at boot
            - reload: True                 # reload the service; without this, a change to the config file restarts it
            - require:
              - cmd: haproxy-init
            - watch:
              - file: haproxy-service      # watch the file and reload when it changes
        

          

2.3 Assigning state files per environment in the top file

        [root@cl-server salt]# cat top.sls 
        base:
          '*':
            - init.env_init
        prod:
          'cl-node01':
            - cluster.haproxy-outside
        
        [root@cl-server salt]# salt '*' state.highstate test=True
        

          

3. State file examples

3.1 Installing httpd

        ### Install and start httpd
        [root@cl-server httpd]# cat install.sls 
        httpd-install:
          pkg.installed:
            - pkgs:
              - httpd
              - php
        
          service.running:
            - name: httpd
            - enable: True
            - reload: True
        
        ### Push and run:
        [root@cl-server httpd]# salt cl-node01 state.sls httpd.install
        
        ### Manage the initial httpd configuration file
        [root@cl-server httpd]# cat install.sls 
        httpd-install:
          pkg.installed:
            - pkgs:
              - httpd
              - php
        
          file.managed:
            - name: /etc/httpd/conf/httpd.conf
            - source: salt://httpd/files/httpd.conf
            - mode: 644
            - user: root
        
          service.running:
            - name: httpd
            - enable: True
            - reload: True
            - watch:
              - file: httpd-install

3.2 Installing Nginx

        ### Build and install Nginx from source
        [root@cl-server Nginx]# tree
        .
        ├── files
        │   ├── Nginx
        │   ├── Nginx-1.18.0.tar.gz
        │   ├── Nginx.conf
        │   └── Nginx.service
        ├── install.sls
        ├── pkgs
        │   └── make.sls
        └── service.sls
        
        ### Build and install script
        [root@cl-server Nginx]# cat pkgs/make.sls 
        make-gss:
          pkg.installed:
            - pkgs:
              - pcre-devel
              - openssl-devel
              - gcc
        
        [root@cl-server Nginx]# cat install.sls 
        include:
          - Nginx.pkgs.make
        
        Nginx_install:
          file.managed:
            - name: /root/Nginx-1.18.0.tar.gz
            - source: salt://Nginx/files/Nginx-1.18.0.tar.gz
        
          cmd.run:
            - name: cd /root/ && tar zxf Nginx-1.18.0.tar.gz && cd Nginx-1.18.0 
                    && ./configure --prefix=/application/Nginx --with-file-aio --with-threads --with-http_ssl_module --with-http_stub_status_module &> /dev/null 
                    && make &>/dev/null && make install &>/dev/null
            - creates: /application/Nginx
        
        ### Script that creates the service user
        [root@cl-server salt]# cat users/Nginx.sls 
        Nginx-group:
          group.present:
            - name: Nginx
            - gid: 800
        
        Nginx-user:
          user.present:
            - name: Nginx
            - uid: 800
            - gid: 800
            - shell: /sbin/nologin
            - createhome: False
            - home: /application/Nginx
        
        ### Service startup script
        [root@cl-server Nginx]# cat service.sls 
        include:
          - Nginx.install
          - users.Nginx
        
        /application/Nginx/conf/Nginx.conf:
          file.managed:
            - source: salt://Nginx/files/Nginx.conf
        
        Nginx-service:
          file.managed:
            - name: /etc/init.d/Nginx
            - source: salt://Nginx/files/Nginx
            - mode: 755
          
          service.running:
            - name: Nginx
            - reload: True
            - watch:
              - file: /application/Nginx/conf/Nginx.conf
        
        ### Push and run
        [root@cl-server Nginx]# salt cl-node02 state.sls Nginx.service
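
The file.managed states in this section differ in how much they pin down: some set user, group and mode, others give only a source. The following added example (not part of the original post, with audit as an assumed function name) flags file states that leave user, group or mode to defaults and cmd.run states with no unless/onlyif/creates guard; for mode, Salt uses the salt process's umask for new files and changes an existing file's mode only when mode is specified. The input is the 3.2 states hand-copied into the dict form they have after YAML rendering.

```python
# Constructed input: the Nginx states from section 3.2 as rendered dicts,
# keeping only the arguments the checks look at.
SLS = {
    "Nginx_install": {
        "file.managed": [{"name": "/root/Nginx-1.18.0.tar.gz"},
                         {"source": "salt://Nginx/files/Nginx-1.18.0.tar.gz"}],
        "cmd.run": [{"creates": "/application/Nginx"}],
    },
    "/application/Nginx/conf/Nginx.conf": {
        "file.managed": [{"source": "salt://Nginx/files/Nginx.conf"}],
    },
    "Nginx-service": {
        "file.managed": [{"name": "/etc/init.d/Nginx"},
                         {"source": "salt://Nginx/files/Nginx"},
                         {"mode": 755}],
        "service.running": [{"name": "Nginx"}, {"reload": True}],
    },
}

GUARDS = {"unless", "onlyif", "creates"}
OWNERSHIP = ("user", "group", "mode")


def audit(sls):
    """Return sorted (state ID, function, finding) tuples."""
    findings = []
    for state_id, declarations in sls.items():
        for func, arg_list in declarations.items():
            # Each argument is a one-key dict; merge them for lookup.
            args = {k: v for item in arg_list for k, v in item.items()}
            if func in ("file.managed", "file.directory"):
                missing = [k for k in OWNERSHIP if k not in args]
                if missing:
                    findings.append((state_id, func, "not pinned: " + ", ".join(missing)))
                # mode arrives as int 644 or string "0644"; read either as octal.
                if "mode" in args and int(str(args["mode"]), 8) & 0o002:
                    findings.append((state_id, func, "world-writable mode"))
            elif func == "cmd.run" and GUARDS.isdisjoint(args):
                findings.append((state_id, func, "no unless/onlyif/creates guard"))
    return sorted(findings)
```

On the constructed input, audit(SLS) reports all three file.managed states and passes the cmd.run, which is guarded by creates.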

3.3 Installing Haproxy

        ### Install Haproxy
        [root@cl-server haproxy]# cat install.sls 
        haproxy-install:
          pkg.installed:
            - pkgs:
              - haproxy
        
          file.managed:
            - name: /etc/haproxy/haproxy.cfg
            - source: salt://haproxy/files/haproxy.cfg
        
          service.running:
            - name: haproxy
            - reload: True
            - watch:
              - file: haproxy-install

3.4 Installing all three services at once with top

        ### Create top.sls under /application/salt
        [root@cl-server salt]# vi top.sls
        base:
          'cl-node01':
            - httpd.install
          'cl-node02':
            - Nginx.service
          'cl-server':
            - haproxy.install
        [root@cl-server salt]# salt '*' state.highstate
        

         

          

         
