Introduction
SaltStack is an open source project created by Thomas Hatch. It was originally designed as a fast remote execution system. Used to manage your infrastructure, it lets you easily manage thousands of servers.
This article does not cover SaltStack's other features. It mainly demonstrates using SaltStack to manage server files (such as /etc/hosts and /etc/resolv.conf) and scheduled tasks.
Usage scenario
When maintaining a large number of servers, once the systems are initialized and online we usually want certain configuration files to be identical on all of them. We then need a tool that manages these files in batches to keep them consistent. One example is the /etc/resolv.conf file, which we want to be uniform at all times. The following demonstrates this feature with SaltStack.
Environment preparation
You need to install salt-master and salt-minion yourself, then use the test.ping module on the master to check the minion, as shown below
[root@saltmaster001 salt]# salt 'qd01-stop-free002*' test.ping
qd01-stop-free002:
    True
Configure master
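Modify /etc/salt/master and add the following. Note that pillar_opts: True copies the master's configuration data into every minion's pillar, so enable it only if your states need it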
file_roots:
  base:
    - /srv/salt
pillar_roots:
  base:
    - /srv/pillar
pillar_opts: True
Write the sls file
1. Switch to the /srv/salt directory and create a new sysinit directory, which is used to manage the system's configuration files
2. cd into sysinit, create the conf and scripts directories, and create the sysinit.sls file
[root@saltmaster001 sysinit]# ll
total 4
drwxr-xr-x 2 root root 191 Dec 31 11:48 conf
drwxr-xr-x 2 root root 198 Dec 14 12:41 scripts
-rw-r--r-- 1 root root 3107 Dec 31 11:49 sysinit.sls
Description:
The conf directory mainly stores configuration files, such as hosts, resolv.conf and other configuration files.
The scripts directory mainly stores script files, such as your own system environment monitoring script check_server_env.sh and other scripts
3. Write sysinit.sls
/opt/resolv.conf:
  file.managed:
    - source: salt://sysinit/conf/resolv.conf
    - user: root
    - group: root
    - mode: '0644'
    - replace: True
As shown above, this mainly uses salt's file module. Explanation:
/opt/resolv.conf: the path of the managed configuration file on the minion. Here, salt://sysinit/conf/resolv.conf on the master is synchronized to /opt/resolv.conf on the minion
source: source path of the file
user: owner of the file
group: group of the file
mode: file permissions (quoted, so that YAML keeps the value as a string)
replace: forces the file to stay consistent with the master's copy
4. Create top.sls in /srv/salt
base:
  '*':
    - sysinit.sysinit
The above means that salt will execute the sysinit.sls file in the sysinit directory, and the target is all minions
The configuration files and sls files required are now written, so let's execute them and see the effect
5. Perform synchronization
I have only one minion, the server qd01-stop-free002. First look at its /opt directory: there is no resolv.conf file yet
[root@qd01-stop-free002 opt]# ll
total 8
drwxr-xr-x 4 root root 4096 Jul 13 2017 dell
drwxr-xr-x 10 root root 4096 Mar 26 2019 gitlab
Manual synchronization
[root@saltmaster001 salt]# salt 'qd01-stop-free002' state.apply sysinit.sysinit
qd01-stop-free002:
----------
          ID: /opt/resolv.conf
    Function: file.managed
      Result: True
     Comment: File /opt/resolv.conf updated
     Started: 15:31:17.355667
    Duration: 52.986 ms
     Changes:
              ----------
              diff:
                  New file
              mode:
                  0644
Now look at the /opt directory of qd01-stop-free002 again: the resolv.conf file is there
[root@qd01-stop-free002 opt]# ll
total 12
drwxr-xr-x 4 root root 4096 Jul 13 2017 dell
drwxr-xr-x 10 root root 4096 Mar 26 2019 gitlab
-rw-r--r-- 1 root root 103 Jan 6 15:34 resolv.conf
The minion has now synchronized the file from the master, but only because we ran the synchronization manually. To have this checked regularly, we need to use the salt schedule
6. Configure the schedule
The schedule can be configured on the master or on the minion; in this article it is configured on the master
Modify the /etc/salt/master file and add the following
##### schedule #####
schedule:
  sysinit:
    function: state.orchestrate
    seconds: 0
    minutes: 5
    hours: 0
    args:
      - orchestration.sysinit.sysinit
Description:
This uses salt's state.orchestrate function. minutes: 5 means the check runs every five minutes. args lists the sls to execute, written as a dotted path relative to /srv/salt: sysinit.sysinit, as the directory structure shows, is the /srv/salt/sysinit/sysinit.sls file. Look closely and the structure becomes clear; this is how Linux should be learned
After configuring, salt-master needs to be restarted
[root@saltmaster001 salt]# systemctl restart salt-master
Delete /opt/resolv.conf on qd01-stop-free002 again and check after 5 minutes: /opt/resolv.conf is back.
The above demonstrates how to use salt to automatically manage a configuration file on a remote server. To manage multiple configuration files, you only need to modify the sysinit.sls file, for example
/opt/resolv.conf:
  file.managed:
    - source: salt://sysinit/conf/resolv.conf
    - user: root
    - group: root
    - mode: '0644'
    - replace: True
/root/.ssh/authorized_keys:
  file.managed:
    - source: salt://sysinit/conf/authorized_keys
    - user: root
    - group: root
    - mode: '0600'
    - replace: True
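Salt's file.managed documentation requires a mode with a leading zero to be quoted, because YAML otherwise reads it as an octal integer. The following check for that, and for group/world-writable modes on key files, is an added example and not code from the original article; the /home/deploy entry and the sensitive-path pattern are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of this page's sysinit.sls. The
# /home/deploy entry is hypothetical and added to show a writable key file.
SAMPLE_SLS = """\
/opt/resolv.conf:
  file.managed:
    - source: salt://sysinit/conf/resolv.conf
    - mode: 644
/root/.ssh/authorized_keys:
  file.managed:
    - source: salt://sysinit/conf/authorized_keys
    - mode: 0600
/home/deploy/.ssh/authorized_keys:
  file.managed:
    - source: salt://sysinit/conf/deploy_keys
    - mode: '0664'
"""

OCTAL_INT = re.compile(r"0[0-7]+$")   # plain scalar that YAML 1.1 reads as octal
SENSITIVE = re.compile(r"/\.ssh/|^/etc/(shadow|sudoers)")  # assumed path list


def audit_modes(sls_text):
    """Return (line, state_id, problem) for each risky '- mode:' value."""
    findings, state_id = [], None
    for lineno, line in enumerate(sls_text.splitlines(), 1):
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            state_id = line.rstrip()[:-1]      # top-level key = managed path
            continue
        m = re.match(r"\s*-\s*mode:\s*(\S+)", line)
        if not m:
            continue
        raw = m.group(1)
        text = raw.strip("'\"")
        if raw == text and OCTAL_INT.match(raw):
            # Unquoted: the loader hands Salt int(raw, 8), not the string.
            findings.append((lineno, state_id,
                             f"unquoted {raw} loads as integer {int(raw, 8)}"))
        if not re.fullmatch(r"[0-7]{3,4}", text):
            continue                           # e.g. 'keep': nothing to test
        if SENSITIVE.search(state_id or "") and int(text, 8) & 0o022:
            findings.append((lineno, state_id,
                             f"mode {text} is group/world-writable"))
    return findings


if __name__ == "__main__":
    for finding in audit_modes(SAMPLE_SLS):
        print(*finding)
```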
Manage cron tasks
1. As with configuration files, we modify the sysinit.sls file, but this time we use the salt cron module
root_crontab_job1:
  cron.present:
    - name: sh /home/ntp.sh >> /tmp/ntp.log
    - minute: "00"
    - hour: "*/2"
    - identifier: NTP
Description:
cron.present: salt module
name: the task command, the same as in a system cron task
minute, hour, day, month, week: the same as the corresponding crontab fields
identifier: task identifier
After modifying sysinit.sls, save and exit. Because the automatic sls synchronization task is already configured, check crontab -l on the qd01-stop-free002 machine after five minutes
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:NTP
00 */2 * * * sh /home/ntp.sh >> /tmp/ntp.log
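The marker and SALT_CRON_IDENTIFIER comment shown above make it possible to audit a crontab against what the state should have written. The following parser is an added example, not code from the original article; the backup.sh and cleanup.sh lines in the sample are constructed.

```python
import re

MARKER = "# Lines below here are managed by Salt, do not edit"
IDENT = re.compile(r"^#.*SALT_CRON_IDENTIFIER:(\S+)")

# Constructed `crontab -l` output: the NTP entry from this page, one job
# above the Salt marker and one untagged job below it.
SAMPLE_CRONTAB = """\
*/10 * * * * /usr/local/bin/backup.sh
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:NTP
00 */2 * * * sh /home/ntp.sh >> /tmp/ntp.log
15 3 * * * /tmp/cleanup.sh
"""


def audit_crontab(text, expected):
    """Compare a crontab with the Salt-managed jobs that should be in it.

    expected maps identifier -> the full crontab line the state produces.
    Returns identifiers that are missing or changed, plus every job line
    that carries no Salt identifier.
    """
    managed, unmanaged, pending = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == MARKER:
            continue
        tag = IDENT.match(line)
        if tag:
            pending = tag.group(1)     # tags the next job line
            continue
        if line.startswith("#") or re.match(r"\w+\s*=", line):
            continue                   # other comments, VAR=value settings
        if pending:
            managed[pending] = line
            pending = None
        else:
            unmanaged.append(line)
    missing = sorted(set(expected) - set(managed))
    changed = sorted(i for i in expected
                     if i in managed and managed[i] != expected[i])
    return {"missing": missing, "changed": changed, "unmanaged": unmanaged}


if __name__ == "__main__":
    want = {"NTP": "00 */2 * * * sh /home/ntp.sh >> /tmp/ntp.log"}
    print(audit_crontab(SAMPLE_CRONTAB, want))
```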