1. Configuration management: state and file
https://docs.saltstack.com/en/latest/topics/states/index.html
1.state state module
Want to host, the Apache , start state, the closed state,
Written 1
[root@linux-node1 web]# pwd /srv/salt/base/web [root@linux-node1 web]# vim apache.sls apache: pkg.installed: - name: httpd service.running: - name: httpd file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - usr: root - group: root - mode: 644
Id statement, the global (test, dev, base environment) the only
Pkg state module
. Reference Methods
Installed modular approach
Name: httpd parameters
2.file file management module
Name path management file:
In the ID , the Apache lower, each module can only be used once
Writing 2
[root@linux-node1 web]# vim apache.sls apache-install: pkg.installed: - name: httpd apache-service: service.running - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - usr: root - group: root - mode: 644
Written 3
No statement name , the above mentioned id is the name
apache: pkg.installed: - name: httpd service.running: - name: httpd file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - usr: root - group: root - mode: 644 /etc/httpd/conf/php.conf file.managed: - source: salt://apache/files/php.conf - user: root - group: root - mode: 644
2. Automated installation LAMP state design
1. Pkg module
Specified version
Designated warehouse
You need to install software packages
[root@linux-node1 web]# yum install -y httpd php mysql-server php-mysql php-pdo php-cli
2. jinja模板
监控本地的mac ip
用模板的实现jinja
3.file模块
File可以使用grains
4.Service模块
监控文件,文件更新,自动重载服务
5.学习saltstack思路:三段式
学saltstack,学的是思路,三段式
前期版本:
学习状态,先把安装,配置写在一起
3.LAMP的状态实现
三段式: 安装 配置 启动
1.创建目录
[root@linux-node1 prod]# pwd
/srv/salt/prod
[root@linux-node1 prod]# mkdir apache
[root@linux-node1 prod]# mkdir php
[root@linux-node1 prod]# mkdir mysql
2.apache
# sls 配置文件
[root@linux-node1 prod]# cd apache/
[root@linux-node1 apache]# vim apache.sls
apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True
source :对应当前目录,相对路径
- source: salt://apache/files/httpd.conf
你这个环境的根路径 salt: /srv/salt/
# 配置文件,cp
[root@linux-node1 apache]# mkdir files
[root@linux-node1 apache]# cd files/
[root@linux-node1 files]# cp /etc/httpd/conf/httpd.conf .
# 执行命令
默认base目录
[root@linux-node1 files]# salt 'linux-node1*' state.sls apache.apache saltenv=prod
# test
# init.sls
[root@linux-node1 apache]# pwd
/srv/salt/prod/apache
[root@linux-node1 apache]# mv apache.sls init.sls
2.php
# php目录
Php不需要启动服务,以模块的方式通信
安装多个,查看文档
[root@linux-node1 prod]# ls
apache mysql php
[root@linux-node1 prod]# cd php/
[root@linux-node1 php]# mkdir files
[root@linux-node1 php]# vim init.sls
# cp php配置文件
[root@linux-node1 php]# cp /etc/php.ini files/
3.mysql
安装 配置 启动
[root@linux-node1 prod]# vim mysql/init.sls
mysql-install: pkg.installed: - pkgs: - mariadb - mariadb-server mysql-config: file.managed: - name: /etc/my.cnf - source: salt://mysql/files/my.cnf - user: root - group: root - mode: 644 mysql-service: service.running: - name: mariadb - enable: True
# 配置文件
[root@linux-node1 mysql]# mkdir files
[root@linux-node1 mysql]# cd files/
[root@linux-node1 files]# cp /etc/my.cnf .
4.执行state
文件目录
执行
[root@linux-node1 salt]# salt -S '192.168.194.131' state.sls php.init saltenv=prod
[root@linux-node1 salt]# salt -S '192.168.194.131' state.sls mysql.init saltenv=prod
5. 高级状态.
[root@linux-node1 base]# vim top.sls
[root@linux-node1 base]# pwd
/srv/salt/base
[root@linux-node1 base]# salt 'linux-node1*' state.highstate
4. 配置管理:状态间的关系
1. Include功能
https://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html
[root@linux-node1 prod]# pwd
/srv/salt/prod
[root@linux-node1 prod]# vim lamp.sls
include: - apache.init - php.init - mysql.init
[root@linux-node1 prod]# vim ../base/top.sls
prod: 'linux-node1.example.com': - lamp
[root@linux-node1 prod]# salt -S '192.168.194.131' state.highstate
2.Extend扩展功能
- 增加其他功能,修改配置文件,到最终版本
- Extend 语法
需求:只能在机器1上php-mbstring 包
[root@linux-node1 prod]# vim lamp.sls include: - apache.init - php.init - mysql.init extend: php-install: pkg.installed: - name: php-mbstring [root@linux-node1 prod]# salt -S '192.168.194.131' state.highstate
3. Require依赖
需求:if 上个操作,安装不成功或者配置不成功,下一个不执行
(1)反例子
[root@linux-node1 apache]# vim init.sls
[root@linux-node1 apache]# salt -S '192.168.194.131' state.highstate
(2)依赖于上个操作
[root@linux-node1 apache]# systemctl stop httpd
apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd1.conf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - require: - file: apache-config
[root@linux-node1 apache]# salt -S '192.168.194.131' state.highstate
(3)最终版本:
启动 依赖于 安装,配置
[root@linux-node1 apache]# vim init.sls
[root@linux-node1 apache]# salt -S '192.168.194.131' state.highstate
apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - require: - pkg: apache-install - file: apache-config
(4)Require 我依赖于谁
Require_in 我被谁依赖
[root@linux-node1 apache]# vim init.sls
apache-install: pkg.installed: - name: httpd - require_in: - service: apache-service apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 - require-in: - service: apache-service apache-service: service.running: - name: httpd - enable: True
4.Watch功能:同时有require功能
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#salt.states.service.mod_watch
该配置文件变化,这个服务重启,重载
[root@linux-node1 apache]# vim files/httpd.conf
[root@linux-node1 apache]# salt -S '192.168.194.131' state.highstate
重载
apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - reload: True - watch: - file: apache-config
Watch_in
[root@linux-node1 apache]# cat init.sls
apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 - watch_in: - service: apache-service apache-service: service.running: - name: httpd - enable: True - reload: True
5. 配置管理,状态间的条件判断
需求:Admin输入用户名,密码才能登陆
1.Apache认证登陆
https://blog.csdn.net/alexander_phper/article/details/52242474
- 修改配置
- 用户名密码文件
(1)配置admin页面
[root@linux-node1 apache]# cd /var/www/html/
[root@linux-node1 html]# mkdir admin
[root@linux-node1 html]# cd admin/
[root@linux-node1 admin]# vim index.html
This is admin
(2)配置
# 配置httpd
[root@linux-node1 files]# pwd
/srv/salt/prod/apache/files
[root@linux-node1 files]# vim httpd.conf
<Directory "/var/www/html/admin"> AllowOverride All Order allow,deny Allow from all AuthType Basic AuthName "hehe" AuthUserFile /etc/httpd/conf/htpasswd_file Require user admin </Directory>
[root@linux-node1 files]# whereis htpasswd
htpasswd: /usr/bin/htpasswd /usr/share/man/man1/htpasswd.1.gz
[root@linux-node1 files]# rpm -qf /usr/bin/htpasswd
httpd-tools-2.4.6-89.el7.centos.x86_64
2. Cmd认证模块
Unless
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html
3.配置init.sls
[root@linux-node1 apache]# pwd
/srv/salt/prod/apache
[root@linux-node1 apache]# vim init.sls
4 unless状态判断
If 文件存在:不执行
Else:不存在,执行
Unless
条件为假,执行
apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 - watch_in: - service: apache-service apache-auth: pkg.installed: - name: httpd-tools cmd.run: - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin - unless: test -f /etc/httpd/conf/htpasswd_file apache-service: service.running: - name: httpd - enable: True - reload: True
5.test
6 配置管理 jinja模板
需求:配置文件,监听minion自己本地的ip地址
1.学习方法:
1 官方文档
https://docs.saltstack.com/en/latest/contents.html
2 配置管理
https://docs.saltstack.com/en/latest/topics/states/index.html
3 file模块
https://docs.saltstack.com/en/latest/ref/states/all/index.html#all-salt-states
4 搜索jinja
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file
2.jinja
Salt默认模板 jinja2
Jinja2 是一个现代的,设计者友好的,仿照 Django 模板的 Python 模板语言。
http://docs.jinkan.org/docs/jinja2/templates.html
两种分隔符: {% ... %} 和 {{ ... }} 。
前者用于执行诸如 for 循环 或赋值的语句,
后者把表达式的结果打印到模板上
如何区分这是一个模板
3. 如何配置jinja?
1. 修改模板配置文件
2 修改sls增加
conf配置
[root@linux-node1 apache]# pwd /srv/salt/prod/apache [root@linux-node1 apache]# vim files/httpd.conf Listen {{ IPADDR }}:{{ PORT }}
sls
3.验证
[root@linux-node1 apache]# salt -S '192.168.194.131' state.highstate
[root@linux-node1 apache]# vim /etc/httpd/conf/httpd.conf
另一个方法:(不推荐)
