Saltstack in-depth-understand the basic usage of state again

Saltstack in-depth-understand the basic usage of state again

First, the basic Environment 1, on the basis of tvm-saltmaster operation. 2, Network: eth0:host-only (for virtual intranet, manually fixed IP, so from the host can directly connect to this VM) Eth1:nat (for Sisu network, dynamic IP) [[email protected] ~]#  cd /etc/sysconfig/network-scripts/[[email protected] network-scripts]# cat  ifcfg-eth0device=eth0type=ethernetonboot=yesnm_controlled=yesbootproto=noneipaddr=192.168.56.253prefix= 24gateway=192.168.56.1dns1=192.168.56.254[[email protected] network-scripts]# cat  ifcfg-eth1device=eth1type=ethernetonboot=yesnm_controlled=yesbootproto=dhcpdns1=192.168.56.254 Second, Salt-master roughly what kind of 1, basic structure [[email protected] salt]# tree /srv//srv/├── pillar│    ├── job│   │   └── init.sls│   ├──  Package│   │   └── init.sls│   └── top.sls└── salt     ├── base    │   ├── abc     │   │   ├── hosts.sls    │   │   ├──  init.sls    │   │   ├── packages.sls     │   │   └── resolv.sls    │   ├──  conf.d    │   │   ├── dnsmasq     │   │   │   └── office.conf    │    │   ├── monit    │   │    │   ├── monit-mail.conf    │   │    │   └── salt-minion.conf    │   │    ├── resolv    │   │   │   ├──  client.conf    │   │   │   └── server.conf    │    │   ├── saltstack    │   │    ├── ssh    │   │   │   └──  sshd_config    │   │   └── vim     │   │       └── vimrc    │    ├── crontab    │   │   └──  init.sls    │   ├── dnsmasq    │    │   └── init.sls    │   ├── monit     │   │   └── init.sls    │    ├── postfix     │   │   └── init.sls    │   ├──  readme. txt    │   ├── salt    │   │    └── minion.sls    │   ├── ssh     │   │   └── init.sls    │   ├──  Top.sls    │   ├── vim    │   │    └── init.sls    │   └── web     │       └── init.sls    ├── dev     │   ├── top.sls    │   └──  web.sls    ├── prod    │   ├── top.sls     │   └── web.sls    └── qa         ├── conf.d        │   └── crontab         │       └──  client.conf        ├── crontab         │   └── init.sls        └──  top.sls27 directories, 31 files Note: 1)/srv/salt & /srv/pillar is the default path after installation is complete 2)/ srv/salt  under 4 environments, this is the intention to test the multi-environment, the specific configuration is defined here: [[email protected] salt]# cat /etc/salt/ master.d/file_roots.conf# master file_roots configuration:file_roots:  base:     - /srv/salt/base  dev:    - /srv/salt/dev   qa:    - /srv/salt/qa  prod:    - /srv/salt/prod[[email protected] salt]#  mkdir /srv/salt/{base,dev,qa,prod}/ -p[[email protected] salt]# service  SALT-MASTER RESTART3) The default is in the base environment, which is indispensable. Take the base environment as the root, we continue to look down 4) "Top.sls", this is an environment of the entrance, you can match target, specify the ". SLS" suffix to define the Salt state file, such as:[[email  protected] salt]# cat base/top.sls base:   ' Tvm-yum ':     -  dnsmasq    - crontab    - web   ' * ':     - abc    - monit    - postfix     - salt.minion    - ssh    -  Vim above the specified DNSMASQ, in fact, the corresponding is/SRV/SALT/BASE/DNSMASQ.SLS, but we improved into a directory to manage, and thus become:/srv/salt/base/dnsmasq/ Init.sls, so we get 6) Experience 5) "Init.sls", this special SLS will inherit the name of the current directory 6) is usually a multilevel directory to classify the management of SLS files, for example: Salt.minion, corresponding to:/srv/salt/base/ Salt/minion.sls and so forth,can also be subdivided into finer. 2, how to make Minion state become what we expect? 1) First, we know that the specified module can be executed. function to execute the SALT command salt  ' tvm-test '  cmd.run  ' hostname ' 2) actually executing state is similar. Specify the target host as: ' Tvm-test '  , and then specify a SLS file "Web.sls", the default saltenv= ' base ' salt  ' Tvm-test '  state.sls  WEB2) Specify an additional saltenvsalt  ' tvm-test '  state.sls crontab saltenv= ' QA ' 2) test switch salt  ' tvm-test '  state.sls crontab saltenv= ' QA '  test=true3) highstate Way, Minions pulls all of its own matching state data from Salt-master and executes salt  ' * '  state.highstate         /srv/pillarpillar often take to compare with grains. The official website also introduces: Grains and pillar are sometimes confused, just remember that  Grains are data about a minion which is stored or  generated from the minion. this is why information like the  Os and cpu type are found in grains. pillar is information about a minion or many minions stored or generated  on the salt master. The latter (grains) records data from Minions that include relatively static k/v key-value pairs such as os,cpu, usually from salt-minion-escalated information. The former (pillar) we can define some custom parameters to be referenced by the salt SLS file, which is usually defined for minions on Salt-master. 1. Entry file [[email protected] salt]# cat /srv/pillar/top.sls base:   ' * ':     - PACKAGE    - JOB2, for the installation package, specify VIM and Apache k/v key-value pairs [[email  Protected] salt]# cat /srv/pillar/package/init.sls pkgs:  {% if grains [' os_family '] ==  ' RedHat '  %}  vim: vim-enhanced  apache: httpd   {% elif grains[' os_family '] ==  ' Debian '  %}  vim: vim   apache: apache2  {% elif grains[' os '] ==  ' Arch '  %}   vim: vim  apache: httpd  {% Endif %}  3, for Highstate, define a schedule[[email protected] salt]# cat /srv/ Pillar/job/init.sls schedule:  highstate:    function: state.highstate     minutes: 2         Four,/srv/ Salt defines some state files, which focus on the "base" environment, followed by some testing work in the "QA" environment. 1, first, we guarantee that "Tvm-yum" installed on the Dnsmasq,crontab and the Web service is expected 1) Configuration DNSMASQ Service status is: Running, boot, configuration files can be restarted service. Here: "Pkg.installed, service.running, file.replace"------------------------------------------------ -------------DNSMASQ[[EMAIL PROTECTED] SALT]# CAT BASE/DNSMASQ/INIT.SLS DNSMASQ:   pkg.installed: []  service.running:    - enable: true     - reload: True    - watch:       - file: /etc/dnsmasq.d/office.conf      - file:  /Etc/dnsmasq.conf/etc/dnsmasq.d/office.conf:  file.managed:    - source:  salt://conf.d/dnsmasq/office.conf  /etc/dnsmasq.conf:  file.replace:     - pattern:  ' #addn-hosts=/etc/banner_add_hosts '     - repl:  ' Addn-hosts=/etc/dnsmasq.d/office.conf '-------------------------------------------------------------dnsmasq  END2) Configures the state of the crontab service to execute the specified script at timed intervals. Used here: "Cron.present"-------------------------------------------------------------crontab[[email protected ] salt]# cat base/crontab/init.sls ##  Use Cron.present this method to control, the default is appended to the existing crontab crontab-repo-update:  cron.present:    -  identifier: CRON-REPO-UPDATE    - name:  '/bin/bash /data/ops/bin /repo_update.sh >/tmp/repo_update.log 2>&1 & '     - user:  root    - minute:  ' 0 '     - hour:  '     - daymonth :  ' * '     - month:  ' * '     - dayweek:  ' * '------ -------------------------------------------------------Crontab end3) The status of the configuration Web Service is: running and booting. (Of course, the processing here is rough) here: "Pkg.installed, service.running, pillar"---------------------------------------- ---------------------web[[email protected] salt]# cat base/web/init.sls apache:   pkg.installed:    - name: {{ pillar[' pkgs ' [' Apache '] }}   service.running:    - name: {{ pillar[' pkgs ' [' Apache '] }}     - enable: True    - require:         - pkg:  Apache-------------------------------------------------------------Web end2, and then we listed the basic installation in "ABC"Package and domain name resolution related configuration files, the desired positioning is: Before the host on-line fixed some initialization operations. 1) "Init.sls" uses "include" to include several categories of status files. Used here: "include"-------------------------------------------------------------abc init[[email  protected] salt]# cat base/abc/init.sls include:  - abc.hosts  -  abc.resolv  -  Abc.packages-------------------------------------------------------------abc init end  2) " Hosts.sls "/etc/hosts" file was updated. Used here: "File.append":-------------------------------------------------------------abc hosts  [[ Email protected] salt]# cat base/abc/hosts.sls /etc/hosts:  file.append:     - text:       -  ' 192.168.56.253   salt-m.office.test '       -  ' 192.168.56.254   Mirror.office.test '       -  ' 127.0.0.1        {{ grains[' id '] }} "-------------------------------------------------------------abc hosts end         3) "Resolv.sls" updated the/etc/resolv.conf file. Here is the use of: "If." else.. Endif, grains "-------------------------------------------------------------abc resolv  [[ email protected] salt]# cat base/abc/resolv.sls /etc/resolv.conf:   file.managed:    {% if grains[' id '] ==  ' tvm-yum '  %}     - source: salt://conf.d/resolv/server.conf    {% else %}     - source: salt://conf.d/resolv/client.conf    {%  endif %}-------------------------------------------------------------abc resolv end   4) Specify the package to install. Here: "Pkg.installed, pkgs, pkg.latest"------------------------------------------------------------- Abc packages [[email protected] salt]# cat base/abc/packages.sls ##  here is a list of the packages required by the host on-line #common-pkgs:   pkg.installed:    - pkgs:      - lrzsz       - wget      - curl       - rsync      - screen       - dos2unix      - tree       - ntp      - bind-utils      - nc       - telnet      - git  ##   The packages that need update are listed here #up2date-pkgs:  pkg.latest:    - pkgs:       - bash      -  OpenSSL-------------------------------------------------------------abc packages end               3, finally, some examples of custom configurations are given, such as configurations for Monit,postfix,salt,ssh and vim. 1) The status of the configuration Monit,salt is: running and booting, and configuring the Postfix service disabled. Here: "Pkg.installed, service.running, file.managed, service.disabled, pillar"------------ -------------------------------------------------Abc monit[[email protected] salt]# cat  base/monit/init.sls monit:  pkg.installed: []  service.running:     - enable: True/etc/monit.d/monit-mail.conf:  file.managed:     - source: salt://conf.d/monit/monit-mail.conf    - require:       - pkg: monit/etc/monit.d/salt-minion.conf:   file.managed:    - source: salt://conf.d/monit/salt-minion.conf     - require:      - pkg: monit-------------------------------------------------------------ABC  monit end -------------------------------------------------------------Abc postfix[[email  protected] salt]# cat base/postfix/init.sls postfix:  pkg.installed:  []  service.disabled: []-------------------------------------------------------------abc  postfix end -------------------------------------------------------------abc salt[[email  Protected] salt]# cat base/salt/minion.sls salt-minion:  pkg.installed: []   service.running:    - enable:  True-------------------------------------------------------------abc salt end      -------------------------------------------------------------abc ssh [[email  Protected] salt]# cat base/ssh/init.sls openssh-clients:  pkg.installed: []openssh-server:  pkg.installed: []sshd:   service.running:    - enable: true    - require:       - pkg: openssh-clients      -  pkg: openssh-server      - file: /etc/ssh/sshd_config/etc/ Ssh/sshd_config:  file.managed:    - source: salt://conf.d/ssh/sshd_ config    - require:      - pkg:  Openssh-server-------------------------------------------------------------abc ssh end -------- -----------------------------------------------------abc vim end vim:  pkg.installed:     - name: {{ pillar[' pkgs ' [' Vim '] }}/root/.vimrc:   file.managed:    - source: salt://conf.d/vim/vimrc    - require:       - pkg: vim-------------------------------------------------------------Abc vim end        4, in the middle of the 2 environment skip, and then look at the configuration of the QA environment. Here: "Cron.file" [[email protected]  salt]# cat qa/top.sls qa:   ' * and not tvm-yum ':     - crontab[[email protected] salt]# cat qa/crontab/init.sls ##  With Cron.file This method, you can replace all crontab content cron-ntpdate-office:  cron.file:    -  Name: salt://conf.d/crontab/client.conf Note that this is where you specify the file path with "name" instead of "source." V. Summary of State1, State.sls, state.highstate2, PKGPKG.INSTALLEDPKG.LATESTPKGS3, Filefile.managedfile.replacefile.append4, Serviceservice.runningservice.disabled5, Croncron.presentcron.file6, Grains7, PILLARS8, Includezyxw, reference 1, official website dochttp://docs.saltstack.com/en/latest/topics/tutorials/pillar.htmlhttp://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.htmlhttp:// docs.saltstack.com/en/latest/ref/states/requisites.htmlhttp://docs.saltstack.com/en/latest/ref/states/all/ salt.states.cron.htmlhttp://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.htmlhttp:// Docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.htmlhttp://docs.saltstack.com/en/latest/ref/states /all/salt.states.service.html

Saltstack in-depth-understand the basic usage of state again