SaltStack配置管理--狀態間的關系
阿新 • • 發佈:2018-01-20
瀏覽器 diff 組合 roc test found std highstate 文件 SaltStack配置管理--狀態間的關系
1、include的引用
需求場景:用於含有多個SLS的狀態,使用include可以進行多個狀態的組合
[root@linux-node1 prod]# pwd /srv/salt/prod [root@linux-node1 prod]# vim lamp.sls include: - apache.init - php.init - mysql.init [root@linux-node1 prod]# vim ../base/top.sls prod: ‘linux-node1.example.com‘: - lamp [root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate linux-node1.example.com: ---------- ID: apache-install Function: pkg.installed Name: httpd Result: True Comment: All specified packages are already installed Started: 09:29:20.324067 Duration: 984.864 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 09:29:21.311111 Duration: 50.95 ms Changes: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: The service httpd is already running Started: 09:29:21.362769 Duration: 52.404 ms Changes: ---------- ID: php-install Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 09:29:21.415555 Duration: 0.693 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 09:29:21.416438 Duration: 15.578 ms Changes: ---------- ID: mysql-install Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 09:29:21.432162 Duration: 0.542 ms Changes: ---------- ID: mysql-config Function: file.managed Name: /etc/my.cnf Result: True Comment: File /etc/my.cnf is in the correct state Started: 09:29:21.432807 Duration: 38.858 ms Changes: ---------- ID: mysql-service Function: service.running Name: mariadb Result: True Comment: The service mariadb is already running Started: 09:29:21.471799 Duration: 38.431 ms Changes: Summary for linux-node1.example.com ------------ Succeeded: 8 Failed: 0 ------------ Total states run: 8 Total run time: 1.182 s
2、extend的使用
需求場景:軟件包安裝的時候,需求假設:只在node1上按裝php-mbstring包,其他的機器不安裝。
[root@linux-node1 prod]# pwd /srv/salt/prod [root@linux-node1 prod]# vim lamp.sls include: - apache.init - php.init - mysql.init extend: php-install: pkg.installed: - name: php-mbstring [root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate
3、require和require_in的使用
require:我依賴誰
require_in:我被誰依賴
需求場景:如果安裝不成功或者配置httpd不成功,不啟動httpd
(1)require使用 [root@linux-node1 apache]# pwd /srv/salt/prod/apache [root@linux-node1 apache]# systemctl stop httpd [root@linux-node1 apache]# vim init_require.sls apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd1.conf----->將此處的文件改錯,模擬配置錯誤 - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - require:---------------------------->使用require,表示依賴 - pkg: apache-install--------------->依賴的狀態模塊為pkg模塊,id為apache-install - file: apache-config--------------->依賴的狀態模塊為file模塊,id為apache-config [root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate #執行模塊提示會有報錯,此時httpd不會正常啟動 ...... ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: False Comment: Source file salt://apache/files/httpd1.conf not found Started: 09:48:33.459243 Duration: 40.414 ms Changes: ---------- ID: apache-service Function: service.running Name: httpd Result: False Comment: One or more requisite failed: apache.init.apache-config Changes: ---------- ...... Summary for linux-node1.example.com ------------ Succeeded: 6 Failed: 2 ------------ Total states run: 8 Total run time: 1.110 s [root@linux-node1 apache]# systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: inactive (dead) since Sat 2018-01-20 09:44:04 CST; 4min 59s ago Docs: man:httpd(8) man:apachectl(8) Process: 65439 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS) Main PID: 1025 (code=exited, status=0/SUCCESS) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" Jan 17 10:41:59 linux-node1 systemd[1]: Starting The Apache HTTP Server... Jan 17 10:42:02 linux-node1 systemd[1]: Started The Apache HTTP Server. Jan 18 03:49:02 linux-node1 systemd[1]: Reloaded The Apache HTTP Server. Jan 20 09:43:53 linux-node1 systemd[1]: Stopping The Apache HTTP Server... Jan 20 09:44:04 linux-node1 systemd[1]: Stopped The Apache HTTP Server. (2)require_in使用 [root@linux-node1 apache]# vim init_require_in.sls apache-install: pkg.installed: - name: httpd - require_in:------------------>被依賴 - service: apache-service---->被依賴的模塊是service,id為apache-service apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 - require_in: - service: apache-service apache-service: service.running: - name: httpd - enable: True 解釋說明:require和require_in都能實現依賴的功能,主動和被動的關系不同
4、watch和watch_in的使用
需求場景:監控配置文件變動,重啟服務或重載服務
[root@linux-node1 apache]# pwd
/srv/salt/prod/apache
[root@linux-node1 apache]# vim init_watch.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- watch:---------------------->使用watch
- file: apache-config------->監控的模塊為file,id為apache-config
[root@linux-node1 apache]# vim files/httpd.conf #隨意修改配置文件
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
......
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 10:07:14.430189
Duration: 55.133 ms
Changes:
----------
diff:
---
+++
@@ -1,4 +1,5 @@
#
+#hahahaaha--------------->檢測到配置文件增加的內容
#hahahaaha
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service restarted---------------------->將服務重啟
Started: 10:07:14.533852
Duration: 1219.798 ms
Changes:
----------
httpd:
True
......
#增加reload參數,讓服務重載
[root@linux-node1 apache]# vim init_watch.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True----------------------------------->增加參數重載
- watch:
- file: apache-config
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated------>檢測文件有變化
Started: 10:10:08.493557
Duration: 53.016 ms
Changes:
----------
diff:
---
+++
@@ -1,4 +1,5 @@
#
+#hahahaaha
#hahahaaha
#hahahaaha
# This is the main Apache HTTP server configuration file. It contains the
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded---------------->服務重載
Started: 10:10:08.596434
Duration: 158.753 ms
Changes:
----------
httpd:
True
----------
#watch_in的使用和require_in是一樣的5、unless:狀態間的條件判斷
需求場景:給apache的admin目錄進行加密登陸查看
(1)修改配置文件,添加認證功能
[root@linux-node1 apache]# vim files/httpd.conf
<Directory "/var/www/html/admin">
AllowOverride All
Order allow,deny
Allow from all
AuthType Basic
AuthName "haha"
AuthUserFile /etc/httpd/conf/htpasswd_file
Require user admin
</Directory>
(2)修改狀態文件init.sls
[root@linux-node1 apache]# vim init.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-auth:
pkg.installed:
- name: httpd-tools
cmd.run:------>使用cmd模塊的run方法
- name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin---->生成密碼文件
- unless: test -f /etc/httpd/conf/htpasswd_file---->unless判斷條件,test -f判斷為假則執行。即htpasswd文件如果不存在就執行生成密碼
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-config
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
......
----------
ID: apache-auth
Function: cmd.run
Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
Result: True
Comment: Command "htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin" run
Started: 10:34:54.930867
Duration: 48.152 ms
Changes:
----------
pid:
4166
retcode:
0
stderr:
Adding password for user admin
stdout:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 10:34:55.014468
Duration: 162.844 ms
Changes:
----------
httpd:
True
......瀏覽器訪問192.168.56.11/admin/index.html會出現密碼驗證
SaltStack配置管理--狀態間的關系