1. 程式人生 > >二 saltstack常用模塊和 jinja模版

二 saltstack常用模塊和 jinja模版

saltstack

1 配置管理 - 狀態模塊 pkg file server

https://www.unixhot.com/docs/saltstack/ref/states/highstate.html

狀態模塊的特點:

  • 狀態是不可以回滾的。
  • 寫好的狀態模塊要支持多次執行。
[root@salt-node4 ~]# cat /srv/salt/web/apache.sls 
apache-install:  # 名稱聲明(id聲明)  高級狀態id必須唯一  ps: 一個id聲明下,狀態模塊不能重復使用。
  pkg.installed: # 安裝模塊   ps:python裏模塊的應用是通過“.”來進行的。
    - names:  # 選項聲明
      - httpd  # 具體的選項,是一個list。
      - httpd-devel

1. pkg模塊

pkg模塊是虛擬的,根據操作系統的不同,調用相關的工具安裝操作系統。

https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.pkg.html#module-salt.states.pkg

pkg模塊常用的方法:

pkg.installed 安裝
pkg.latest 確保最新版本
pkg.remove 卸載
pkg.purge 卸載並且刪除配置文件

使用pkg模塊安裝多個軟件:

lamp-pkg:
  pkg-installed:
    - pkgs:
      - httpd
      - php
      - mysql
      - maridb-server
      - php-mysql
      - php-cli
      - php-mbstring

2. file模塊

https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.file.html#module-salt.states.file

例子:
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf 
    - source: salt://files/httpd.conf
    - user: root
    - group: root
    - mode: 644

ps:上面如果不寫- name ,還可以寫成這樣,此時他直接管理聲明id:

例子:
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://files/httpd.conf
    - user: root
    - group: root
    - mode: 644

3. service模塊

https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.service.html#module-salt.states.service

例子:
apache-services:
  service.running:
    - name: httpd
    - enable: True # 允許開機啟動
    - reload: True # 允許重載

4. 狀態之間的關系

  • 1我依賴誰? require
  • 2我被誰依賴? require_in
  • 3我監控誰? watch (包含require)
  • 4我被誰監控?watch_in
  • 5我引用誰?include
  • 6我擴展誰?用到再說。
例子:

我依賴誰? require

apache-services:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:  # 他們都正常執行了,我才執行。
      - pkg: lamp-pkg
      - file: apapche-config

我被誰依賴?(誰依賴我?)
mysql-config:
  file.managed:
    - name: /etc/my.conf
    - source: salt://lamp/files/my.cnf
    - user: root
    - gropu: root
    - mode: 644
    - require_in: # 和 require
      - service: mysql-service

我監控誰?
如果配置文件修改了,就重啟服務。
apache-services:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: lamp-pkg
      - file: apapche-config
    - watch:
      - file: apache-config

1.如果監控到apache-config的狀態發生改變(就是配置文件改變了),就重載服務。
2.這裏需要註意,如果加上了relaod : True 就是重載,如果沒有就是重啟。

2 jinja模版

http://docs.jinkan.org/docs/jinja2/

使用背景:

有100臺機器,有一個配置文件需要更改為本機的ip地址。最佳實踐就是通過jinja模版來做。

二種分割符

{{...}} 表示變量的引用
{%...%} 表示表達式

jinja模版使用方法

相當於在jinja模版裏,定義了一個變量,模版配置文件裏面再去調用。

可以在模版文件裏,也可以寫在sls文件裏,然後模版文件直接調用。

1 告訴File模塊,你要使用jinja模版

- template: jinja

2 你要列出參數列表

- defaults:
    PORT: 80   

3 模版裏面進行引用

{{ PORT }}
例子1:

[root@salt-node4 /srv/salt/lamp]# cat config.sls 
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - gropu: root
    - mode: 644
    - template: jinja # 告訴模塊使用jinjia模版
    - defaults:
      PORT: 88  # 定義的參數

例子2:
nginx-test-index-html:
  file.managed:
    - name:  /usr/local/nginx/html/index.html
    - source: salt://bbs/files/index.html
    - user: root
    - group: root
    - mode: 755
    - template: jinja
    - HOST: {{grains[‘fqdn‘]}}  # 獲取主機名使用grains

在模版裏面進行支持jinja模版

Listen {{PORT}}

# grains
# HOST: {{ grains[‘fqdn_ip4‘][0] }}:{{PORT}}

# 遠程執行模塊
# HWWARE: {{salt[‘network.hw_addr‘](‘eth0‘)}}

# pillar
# {{pillar[‘apache‘]}}

3 實戰 安裝LAMP環境

LAMP架構

1.安裝軟件包 pkg
2.修改配置文件。 file
3.啟動服務

sls文件內容

[root@salt-node4 /srv/salt]# tree lamp/
lamp/
├── files
│   ├── httpd.conf
│   ├── my.cnf
│   └── php.ini
└── lamp.sls

1 directory, 4 files

[root@salt-node4 lamp]# cat lamp.sls 
apache-server:
  pkg.installed:
    - names:
      - httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      PORT: 10000
    - require: 
      - pkg: apache-server
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: apache-server
      - file: apache-server
    - watch:
      - file: apache-server

mysql-server:
  pkg.installed:
    - names:
      - mariadb
      - mariadb-server
  file.managed:
    - name: /etc/my.conf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: mysql-server
  service.running:
    - name: mariadb
    - enable: True
    - reload: True
    - require:
      - pkg: mysql-server
      - file: mysql-server
    - watch:
      - file: mysql-server

php-config:
  pkg.installed:
    - pkgs:
      - php
      - php-mysql
      - php-cli
      - php-mbstring
  file.managed:
    - name: /etc/php.ini
    - source: salt://lamp/files/php.ini
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: php-config

[root@salt-node4 /srv/salt]# salt ‘*‘ state.sls lamp.lamp

4 實戰 一鍵安裝集群

集群架構圖

頭腦風暴

環境分類

  • 開發環境
  • 測試環境
  • 預生產環境
  • 生產環境

salt環境

  • base基礎環境

    • 1 dns配置
    • 2 歷史命令記錄
    • 3 歷史命令記錄日誌
    • 4 內核參數優化
    • 5 安裝yum倉庫
    • 6 安裝zabbix
  • prod 生產環境

知識拓展

什麽叫做五元組?

源地址、源端口、目標地址、目標端口、協議

修改內核參數的模塊http://docs.saltstack.cn/ref/states/all/salt.states.sysctl.html#module-salt.states.sysctl

在調試時如果遇到報錯,請看報錯

1. 修改master配置文件

[root@salt-node4 /srv/salt/lamp]# vim /etc/salt/master
 534 file_roots:
 535   base:
 536     - /srv/salt/base
 537   prod:
 538     - /srv/salt/prod
 ...
 696 pillar_roots:
 697   base:
 698     - /srv/pillar/base
 699    prod:
 700     - /srv/pillar/prod

2. 新建對應的目錄。

[root@salt-node4 ~]# mkdir -p /srv/{pillar,salt}
[root@salt-node4 ~]# mkdir -p /srv/pillar/{base,prod}
[root@salt-node4 ~]# mkdir -p /srv/salt/{base,prod}  
[root@salt-node4 ~]# tree /srv/
/srv/
├── pillar  # 定義pillar相關
│   ├── base
│   └── prod
└── salt    # 部署相關 
    ├── base
    └── prod

6 directories, 0 files
[root@salt-node4 /srv]# cd salt/base/
[root@salt-node4 /srv/salt/base]# mkdir init # 初始化文件夾啊

3. 系統初始化sls文件

參考趙班長寫好的sls文件。

[root@salt-node4 ~]# git clone https://github.com/unixhot/saltbook-code.git
Cloning into ‘saltbook-code‘...
remote: Counting objects: 87, done.
remote: Total 87 (delta 0), reused 0 (delta 0), pack-reused 87
Unpacking objects: 100% (87/87), done.

[root@salt-node4 ~]# cp -a saltbook-code/salt/base/* /srv/salt/base/
[root@salt-node4 ~]# tree /srv/salt/base/
/srv/salt/base/
├── init
│   ├── audit.sls
│   ├── dns.sls
│   ├── env_init.sls
│   ├── epel.sls
│   ├── files
│   │   ├── resolv.conf
│   │   └── zabbix_agentd.conf
│   ├── history.sls
│   ├── sysctl.sls
│   └── zabbix_agent.sls
└── top.sls

2 directories, 10 files

#歷史命令追加到/var/log/message
[root@salt-node4 /srv/salt/base/init]# cat audit.sls 
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND=‘{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }‘

# 內核參數優化
[root@salt-node4 /srv/salt/base/init]# cat sysctl.sls 
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0

# dns修改
[root@salt-node4 /srv/salt/base/init]# cat dns.sls 
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - gourp: root
    - mode: 644

# 更換epel源
[root@salt-node4 /srv/salt/base/init]# cat epel.sls 
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/repo/epel-7.repo 
      - zabbix-epel: https://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/7/x86_64/zabbix-get-3.0.5-1.el7.x86_64.rpm
    - unless: rpm -qa | grep epel-release-7-8.noarch

# 歷史命令增加時間
[root@salt-node4 /srv/salt/base/init]# cat history.sls 
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "

# 安裝zabbix-agent
[root@salt-node4 init]# cat zabbix_agent.sls 
zabbix-epel:
  file.managed:
    - name: /tmp/zabbix-release-3.0-1.el7.noarch.rpm 
    - source: salt://init/files/zabbix-release-3.0-1.el7.noarch.rpm 
    - backup: minion # 文件替換建議都加上這個參數,防止誤操作文件被替換
  cmd.run:
    - name: rpm -vih /tmp/zabbix-release-3.0-1.el7.noarch.rpm
    - require:
      - file: zabbix-epel
    - unless: rpm -qa |grep zabbix-release

zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
    - require:
      - file: zabbix-epel
  file.managed:
    - name: /etc/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - backup: minion
    - template: jinja
    - defaults:
      server: {{ pillar[‘zabbix-server‘] }}   # 配置文件zabbix_agent.conf裏引用這個變量 {{ server }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent
zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix_agentd.conf.d
    - backup: minion
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent

[root@salt-node4 init]# cat env_init.sls 
include:
  - init.dns    
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.zabbix_agent

topfile文件

[root@salt-node4 base]# cat top.sls
base:
  ‘*‘:
    - init.env_init

pillar 文件內容

[root@salt-node4 /srv]# cat pillar/base/top.sls 
base:
  ‘*‘:
    - zabbix.agent
[root@salt-node4 /srv]# cat pillar/base/zabbix/agent.sls 
zabbix-server: 10.0.0.202
[root@salt-node4 /srv]# 

知識拓展

http://docs.saltstack.cn/ref/states/all/salt.states.file.html#module-salt.states.file

在替換文件時建議加上 - backend: minion 參數。
文件在更改替換後,備份文件保存在/var/cache/salt/minion/file_backup下:

[root@salt-node4 /etc/yum.repos.d]# tree /var/cache/salt/minion/
/var/cache/salt/minion/
├── accumulator
├── extmods
├── file_backup
│   └── etc
│       └── zabbix_agentd.conf_Fri_Mar_17_05:11:38_395952_2017

4. 部署軟件

4.1 部署haproxy

1.新建相關目錄

# 對要安裝的內容進行拆分,拆的越小,靈活度越高。
[root@salt-node4 ~]# cd /srv/salt/prod
[root@salt-node4 prod]# mkdir {modules,cluster,bbs}
[root@salt-node4 prod]# cd modules/
[root@salt-node4 modules]# mkdir haproxy  keepalived  libevent  memcached  nginx  pcre  php  pkg  user

2.haproxy 和 依賴的模塊文件內容。

[root@salt-node4 modules]# cat haproxy/install.sls 
include:
  - modules.pkg.pkg-init

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-init
      - file: haproxy-install

/etc/init.d/haproxy:
  file.managed:
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require:
      - cmd: haproxy-install

net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - mode: 755
    - user: root
    - group: root

haproxy-init:
  cmd.run:
    - name: chkconfig --add haproxy   # 將haproxy添加到開機啟動裏。 
    - unless: chkconfig --list | grep haproxy  # 如果已經添加到開機啟動了,就不執行這個操作。
    - require:
      - file: /etc/init.d/haproxy
[root@salt-node4 modules]# 

依賴模塊內容
[root@salt-node4 modules]# cat pkg/pkg-init.sls 
pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel

# haproxy 服務器啟動模塊

[root@salt-node4 /srv/salt/prod/cluster]# cat haproxy-outside.sls 
include:
  - modules.haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg 
    - user: root
    - group: root
    - mode: 644
    - backup: minion

  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-install
      - file: haproxy-service
    - watch:
      - file: haproxy-service 

# top file文件
[root@salt-node4 /srv/salt/prod/cluster]# cat /srv/salt/base/top.sls
base:
  ‘*‘:
    - init.env_init

prod:
  ‘*‘:
      - cluster.haproxy-outside

[root@salt-node4 /srv/salt/prod/cluster]# salt ‘*‘ state.highstate

3測試

用戶名:haproxy
密碼:saltstack
網頁訪問:http://10.0.0.203:8888/haproxy-status

[root@salt-node4 prod]# netstat -tnlpau|grep ha
tcp        0      0 10.0.0.254:80           0.0.0.0:*               LISTEN      95442/haproxy       
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      95442/haproxy       
udp        0      0 0.0.0.0:26141           0.0.0.0:*                           95442/haproxy   

4.2 部署memcached 和 keepalived

知識擴充 什麽是seesion?

會話是在服務器端產生的,是為了標識唯一用戶。因為http是無狀態的。
每一個用戶連接服務器都會產生一個session,為了標識就用了session,session存儲在客戶端的cookie裏,客戶端連接服務器端,每次都會將cookie發送給服務器驗證。

用戶模塊:
用戶組模塊
用戶模塊


[root@salt-node4 /srv/salt/prod/modules]# cat memcached/install.sls 
include:
  - modules.libevent.install

memcached-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - require:
      - cmd: libevent-source-install
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: tess -d /usr/local/memcached
    - require:
      - file: memcached-install
[root@salt-node4 /srv/salt/prod/modules]# cat keepalived/
files/       install.sls  
[root@salt-node4 /srv/salt/prod/modules]# cat keepalived/install.sls 
keepalived-service:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.17.tar.gz
    - source: salt://modules/keepalived/files/keepalived-1.2.17.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-service

keepalived-config:
  file.managed:
    - name: /etc/sysconfig/keepalived
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: keepalived-service

keepalived-cmd:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://modules/keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - file: keepalived-config

keepalived-run:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list|grep keepalived
    - require:
      - cmd: keepalived-service
      - file: keepalived-cmd
  service.running:
    - name: keepalived
    - enable: True
    - reload: True

keepalived-directory:
  file.directory:
    - name: /etc/keepalived
    - user: root
    - group: root

4.3 部署nginx php bbs

# nginx sls文件
[root@salt-node4 /srv/salt/prod/modules]# cat nginx/install.sls 
include:
  - modules.user.www
  - modules.pcre.install
  - modules.pkg.pkg-init
nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 755

  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require: 
      - file: nginx-install
      - user: www-user-group
      - cmd: pcre-source-install
      - pkg: pkg-init

nginx-config:
  file.managed:
    - name: /usr/local/nginx/conf/nginx.conf
    - source: salt://modules/nginx/files/nginx.conf
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: nginx-install

nginx-directory-online:
  file.directory:
    - name:  /usr/local/nginx/conf/vhost_online
    - require: 
      - cmd: nginx-install

nginx-directory-offline:
  file.directory:
    - name:  /usr/local/nginx/conf/vhost_offline
    - require:
      - cmd: nginx-install

nginx-cmd:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: nginx-install

  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list|grep nginx
    - require:
      - file: nginx-directory-offline
      - file: nginx-cmd
      - file: nginx-config
      - cmd: nginx-install

  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require: 
      - cmd: nginx-cmd
    - watch:
      - file: nginx-config

# php 安裝文件
[root@salt-node4 /srv/salt/prod/modules]# cat php/install.sls 
include:
  - modules.user.www
  - modules.pkg.pkg-init

pkg-php:
  pkg.installed:
    - names:
      - openssl-devel
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-source-install:
  file.managed:
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://modules/php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    - mode: 755

  cmd.run:
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9&&  ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml  --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem  --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      - user: www-user-group
    - unless: test -d /usr/local/php-fastcgi

pdo-plugin:
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install

php-ini:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://modules/php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://modules/php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-fastcgi-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://modules/php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list|grep php-fpm
    - require:
      - file: php-fastcgi-service
  service.running:
    - name: php-fpm
    - enable: True
    - reload: True
    - require:
      - cmd: php-fastcgi-service
    - watch:
      - file: php-ini
      - file: php-fpm
[root@salt-node4 /srv/salt/prod/modules]# cat php/php-redis.sls 
redis-plugin:
  file.managed:
    - name: /usr/local/src/redis-2.2.7.tgz
    - source: salt://modules/php/files/redis-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf redis-2.2.7.tgz && cd redis-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
  require:
    - file: redis-plugin
    - cmd: php-install

redis-php-config:
  file.append:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - text:
      - extension=redis.so
[root@salt-node4 /srv/salt/prod/modules]# cat php/php-memcache.sls 
memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://modules/php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755

  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
  require:
    - file: memcache-plugin
    - cmd: php-install

memcache-php-config:
  file.append: 
    - name: /usr/local/php-fastcgi/etc/php.ini
    - text:
      - extension=memcache.so

# make模塊
[root@salt-node4 /srv/salt/prod/modules]# cat pkg/pkg-init.sls 
pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel

# 增加www用戶的模塊
[root@salt-node4 /srv/salt/prod/modules]# cat user/www.sls 
www-user-group:
  group.present:
    - name: www
    - gid: 1000

  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000

#  memcached 安裝模塊
[root@salt-node4 /srv/salt/prod]# cat bbs/memcached.sls 
include:
  - modules.user.www
  - modules.memcached.install

memcached-service:
  cmd.run:
  - name: /usr/local/memcached/bin/memcached -d -m 128 -p 11211 -c 8096 -u www
  - unless: netstat -tnlpua|grep 11211
  - require:
    - cmd: memcached-install
    - user: www-user-group
    - group: www-user-group

# bbs模塊
[root@salt-node4 /srv/salt/prod]# cat bbs/web.sls 
include:
  - modules.nginx.install
  - modules.php.install
  - modules.php.php-memcache
  - modules.php.php-redis

nginx-vhost-online:
  file.managed:
    - name: /usr/local/nginx/conf/vhost_online/nginx_bbs.conf
    - source: salt://bbs/files/nginx_bbs.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - cmd: nginx-install 
    - watch_in:
      - service: nginx-cmd 

nginx-test-index-html:
  file.managed:
    - name:  /usr/local/nginx/html/index.html
    - source: salt://bbs/files/index.html
    - user: root
    - group: root
    - mode: 755
    - template: jinja
    - HOST: {{grains[‘fqdn‘]}}

top file文件

[root@salt-node4 /srv/salt]# cat base/top.sls
base:
  ‘*‘:
    - init.env_init

prod:
  ‘*‘:
      - cluster.haproxy-outside
      - cluster.haproxy-outside-keepalive
      - bbs.web

二 saltstack常用模塊和 jinja模版