Salt Configuration Management

State tree structure

[Email protected] salt]# tree.

.

├──app_env #应用环境

├──grains #动态变量

├──int_env #初始化环境

├──modules #模块

├──pillar #静态变量

├──template #模板

└──top.sls #top. SLS is a portal file for configuration management

Introduce the SLS file here

SLS files are at the heart of the state system. SLS describes the target state of the system.

Using subdirectories to organize is a good choice, and each subdirectory describes a resource. Each subdirectory can be represented by a single point. Selinux.init represents the subdirectory Selinux/init.sls

INIT.SLS represents the boot file in a subdirectory, and it represents the subdirectory itself. So Selinux.init.sls represents the subdirectory SELinux.

Define a SELinux environment

Mkdir-p App_env/selinux[[email protected] salt]# cat app_env/selinux/init.sls/etc/sysconfig/selinux:file.managed:- Source:salt://template/app_env/selinux/selinux-user:root-group:root-mode:600-template:jinja

Defining template Files

mkdir -p templat/app_env/selinux[[email protected] salt]# cat template/app_env/ Selinux/selinux # this file controls the state of selinux on  the system.# selinux= can take one of these three values:#      enforcing - selinux security policy is enforced.#      permissive - selinux prints warnings instead of  enforcing.#     disabled - No SELinux policy is  Loaded. selinux=disabled# selinuxtype= can take one of these two values:#      targeted - Targeted processes are protected,#      mls - multi level security protection. selinuxtype=targeted

test

[[email protected] salt]# salt node1 state.sls app_env.selinux.init test= truenode1:    ----------    file_|-/etc/sysconfig/selinux_|-/etc/ sysconfig/selinux_|-managed:        ----------         __run_num__:            0         changes:             ----------            mode:                 0600         comment:             The file /etc/sysconfig/selinux is set to be changed         duration:            34.653         name:             /etc/sysconfig/selinux        result:             none        start_time :             12:17:07.454892

Here because of my two hosts the SELinux file is the same, so I do not see what changes, I here is just an example, welcome to spit Groove

If the test does not have a problem, you can remove test=true this option, execution can

This article from "Do not abandon!" Do not give up "blog, be sure to keep this source http://thedream.blog.51cto.com/6427769/1676480

Salt Configuration Management