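SaltStack: Configuration Management and the Data System

The YAML language

YAML is easy for humans to read and write. In essence it is a general-purpose data serialization format.

It is a data description language similar to XML (a subset of SGML), with a much simpler syntax than XML.

YAML format:

house:
  family:
    name: Doe
    parents:
      - John
      - Jane
    children:
      - Paul
      - Mark
      - Simone
  address:
    number: 34
    street: Main Street
    city: Nowheretown
    zipcode: 12345

Basic YAML rules:

Indentation expresses hierarchy, 2 spaces per level; the TAB key must not be used
When a colon is not the last character on the line, it must be followed by a space
A list is written with -, and the - must be followed by a space
A comment is written with #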
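
A small checker for the four rules above, run over a deliberately broken state file. This is an added example, not part of the original article: lint_sls, BAD_SLS and the sample content are constructed for illustration, and treating every whitespace-preceded # as a comment start is a simplification.

```python
import re

# Constructed sample: a state file that breaks the rules listed above.
# "\t" is a literal TAB; "name:httpd" lacks the space after the colon.
BAD_SLS = (
    "apache-install:\n"
    "  pkg.installed:\n"
    "\t- name: httpd\n"
    "apache-service:\n"
    "   service.running:\n"
    "    - name:httpd\n"
    "    -enable: True  # start at boot\n"
)

# A key (optionally a list item) whose colon is directly followed by a value.
# "://" is excluded so URLs used as list values are not reported.
KEY_NO_SPACE = re.compile(r"""^(?:- )?[\w.'"-]+:(?!//)\S""")
# A dash directly followed by text; "---" is the YAML document marker.
DASH_NO_SPACE = re.compile(r"^-(?!--)\S")


def lint_sls(text):
    """Return (line_number, message) pairs for violations of the rules above."""
    problems = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()      # drop comments
        body = line.lstrip()
        if not body or body.startswith("{%"):
            continue                                         # blank or Jinja control line
        indent = line[: len(line) - len(body)]
        if "\t" in indent:                                   # YAML forbids TAB indentation
            problems.append((number, "TAB used for indentation"))
        elif len(indent) % 2:                                # the 2-space convention above
            problems.append((number, "indentation is not a multiple of 2 spaces"))
        if DASH_NO_SPACE.match(body):
            problems.append((number, "no space after '-'"))
        elif KEY_NO_SPACE.match(body):
            problems.append((number, "no space after ':'"))
    return problems


if __name__ == "__main__":
    for number, message in lint_sls(BAD_SLS):
        print(f"line {number}: {message}")
```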

Where the YAML state files are stored is set by file_roots in the SaltStack master configuration file.

Example:


[root@master ~]# vim /etc/salt/master
#   base:      # default environment
#     - /srv/salt/
#   dev:       # development environment
#     - /srv/salt/dev/services
#     - /srv/salt/dev/states
#   prod:       # production environment
#     - /srv/salt/prod/services
#     - /srv/salt/prod/states
#
#file_roots:
#  base:
#    - /srv/salt
#
#file_roots:
#  test:    # test environment
#    - /srv/salt/test

# After changing a configuration file, restart the service that the file belongs to

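Note: base is the default location. If file_roots defines only one environment, that environment must be base and must be named base; it cannot be renamed.

Configuring an Apache instance with SaltStack

Example: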

# Uncomment (I only need the base environment for now, so that is the only one I changed)
[root@master srv]# vim /etc/salt/master
# Example:
file_roots:
  base:
    - /srv/salt/base
#   dev:
#     - /srv/salt/dev/services
#     - /srv/salt/dev/states
#   prod:
#     - /srv/salt/prod/services
#     - /srv/salt/prod/states
#file_roots:
#  base:
#    - /srv/salt
#

[root@master ~]# mkdir -p /srv/salt/{base,test,dev,prod}
[root@master ~]# tree /srv/salt/
/srv/salt/
├── base
├── dev
├── prod
└── test

4 directories, 0 files
# Restart the service
[root@master ~]# systemctl restart salt-master
# Enter the base directory and create the apache directory
[root@master ~]# cd /srv/salt/base/
[root@master base]# mkdir -p web/apache
[root@master base]# tree web
web
└── apache

1 directory, 0 files
# In the apache directory, write a state description file
[root@master base]# cd web/apache/
[root@master apache]# vim apache.sls 
[root@master apache]# cat apache.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-service:
  service.running:
    - name: httpd
    - enable: True
# List the hosts and try to ping them
[root@master apache]# salt-key -L
Accepted Keys:
master
minion
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@master apache]# salt 'minion' test.ping
minion:
    True
# Causes of the error below: 1. the configuration file path is wrong; fix the base path in /etc/salt/master  2. the request timed out; run it again
[root@master base]# salt 'minion' state.sls web.apache.apache saltenv=base
[ERROR   ] Message timed out
Salt request timed out. The master is not responding. You may need to run your command with `--async` in order to bypass the congested event bus. With `--async`, the CLI tool will print the job id (jid) and exit immediately without listening for responses. You can then use `salt-run jobs.lookup_jid` to look up the results of the job in the job cache later.
# The following is not an error, just a connection timeout, which is normal; follow the hint and run salt-run jobs.lookup_jid 20211102071158706983
[root@master base]# salt 'minion' state.sls web.apache.apache saltenv=base
minion:
    Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

salt-run jobs.lookup_jid 20211102071158706983
ERROR: Minions returned with non-zero exit code
[root@master base]# salt-run jobs.lookup_jid 20211102071158706983
minion:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 15:12:03.430379
    Duration: 78966.615 ms
     Changes:   
              ----------
              apr:
                  ----------
                  new:
                      1.6.3-12.el8
                  old:
              apr-util:
                  ----------
                  new:
                      1.6.1-6.el8
                  old:
              apr-util-bdb:
                  ----------
                  new:
                      1.6.1-6.el8
                  old:
              apr-util-openssl:
                  ----------
                  new:
                      1.6.1-6.el8
                  old:
              centos-logos-httpd:
                  ----------
                  new:
                      85.8-1.el8
                  old:
              httpd:
                  ----------
                  new:
                      2.4.37-40.module_el8.5.0+852+0aafc63b
                  old:
              httpd-filesystem:
                  ----------
                  new:
                      2.4.37-40.module_el8.5.0+852+0aafc63b
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.37-40.module_el8.5.0+852+0aafc63b
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.48-3.el8
                  old:
              mod_http2:
                  ----------
                  new:
                      1.15.7-3.module_el8.4.0+778+c970deab
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 15:13:22.551856
    Duration: 19706.83 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for minion
------------
Succeeded: 2 (changed=2)
Failed:    0
------------
Total states run:     2
Total run time:  98.673 s
# On the minion, check that httpd is running and the task completed
[root@minion salt]# ps -ef  |grep httpd
root      542618       1  0 15:13 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    543461  542618  0 15:13 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    543462  542618  0 15:13 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    543463  542618  0 15:13 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    543464  542618  0 15:13 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root      550386  438255  0 15:17 pts/0    00:00:00 grep --color=auto httpd
[root@minion salt]# ss -anlt
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port Process 
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*            
LISTEN 0      128                 *:80                *:*            
LISTEN 0      128              [::]:22             [::]:*   

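Tip for running state files:

First use test.ping to check that the hosts that will run the state file can communicate normally, then run the state file.

top file

Is running sls files directly from the command line automated enough? The answer is no, because we still have to tell a particular host to run a particular task. Real automation means that when we ask for work to be done, each host already knows what it has to do. Running sls files directly from the command line cannot achieve this, and the top file exists to solve that problem.

The top file tells each host what it needs to do, for example having minion install and start httpd.

Example:

# Check how many hosts there are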
[root@master salt]# salt-key -L
Accepted Keys:
master
minion
node1
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# Write the files
[root@master salt]# cd /srv/salt/base/
[root@master base]# tree
.
└── web
    └── apache
        └── apache.sls

2 directories, 1 file
[root@master base]# mv web/apache/apache.sls web/apache/install.sls
[root@master base]# mkdir web/nginx
[root@master base]# vim web/nginx/install.sls
[root@master base]# cat web/nginx/install.sls 
nginx-install:
  pkg.installed:
    - name: nginx

nginx-service:
  service.running:
    - name: nginx
    - enable: True
[root@master base]# tree
.
├── top.sls
└── web
    ├── apache
    │   └── install.sls
    └── nginx
        └── install.sls

3 directories, 3 files
# Write the top file
[root@master base]# ls
web
[root@master base]# vim top.sls
[root@master base]# cat top.sls 
base:       # environment whose state files are run
  'minion':      # target that runs the state files
    - web.apache.install       # state file to run
  'node1':
    - web.nginx.install
# Stop httpd on minion
[root@minion ~]# systemctl stop httpd
[root@minion ~]# ss -anlt
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port Process 
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*            
LISTEN 0      128              [::]:22             [::]:*            
# Run it with highstate
[root@master base]# cd 
[root@master base]# salt '*' state.highstate
master:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found. Please see master log for details.
     Changes:   

Summary for master
------------
Succeeded: 0
Failed:    1
------------
Total states run:     1
Total run time:   0.000 ms
minion:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 19:20:08.526025
    Duration: 1175.438 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 19:20:09.704252
    Duration: 184.149 ms
     Changes:   

Summary for minion
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time:   1.360 s
node1:
    Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

salt-run jobs.lookup_jid 20211102112005552563
ERROR: Minions returned with non-zero exit code
# Check the result
[root@minion ~]# ss -anlt
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port Process 
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*            
LISTEN 0      128                 *:80                *:*            
LISTEN 0      128              [::]:22             [::]:*                

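Using highstate

The most common management operation in SaltStack is running a highstate.

Note: do not use the following command. (It tells every host to run the highstate, which is unrealistic; in real work you tell one host, or a specific set of hosts, to run it.)

[root@master ~]# salt '*' state.highstate

When running a highstate, it is best to append test=True first. This is a dry run that checks whether the run would work and whether it would report errors; nothing is actually executed.

Example:

# Stop httpd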
[root@minion ~]# systemctl stop httpd
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; v>
   Active: inactive (dead) since Tue 2021-11-02 19:23:53 CST; 5s ago
     Docs: man:httpd.service(8)
  Process: 743738 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (c>
 Main PID: 743738 (code=exited, status=0/SUCCESS)
   Status: "Running, listening on: port 80"

1102 19:18:10 minion systemd[1]: Starting The Apache HTTP Server.>
1102 19:18:25 minion httpd[743738]: AH00558: httpd: Could not rel>
1102 19:18:25 minion systemd[1]: Started The Apache HTTP Server.
1102 19:18:35 minion httpd[743738]: Server configured, listening >
1102 19:23:52 minion systemd[1]: Stopping The Apache HTTP Server.>
1102 19:23:53 minion systemd[1]: httpd.service: Succeeded.
1102 19:23:53 minion systemd[1]: Stopped The Apache HTTP Server.
[root@master base]# salt 'minion' state.highstate test=True
minion:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 19:25:23.452489
    Duration: 816.64 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: None
     Comment: Service httpd is set to start
     Started: 19:25:24.271475
    Duration: 64.419 ms
     Changes:   

Summary for minion
------------
Succeeded: 2 (unchanged=1)
Failed:    0
------------
Total states run:     2
Total run time: 881.059 ms
# Because this was only a test, the service is not actually started
[root@minion ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; v>
   Active: inactive (dead) since Tue 2021-11-02 19:23:53 CST; 1min 5>
     Docs: man:httpd.service(8)
  Process: 743738 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (c>
 Main PID: 743738 (code=exited, status=0/SUCCESS)
   Status: "Running, listening on: port 80"

1102 19:18:10 minion systemd[1]: Starting The Apache HTTP Server.>
1102 19:18:25 minion httpd[743738]: AH00558: httpd: Could not rel>
1102 19:18:25 minion systemd[1]: Started The Apache HTTP Server.
1102 19:18:35 minion httpd[743738]: Server configured, listening >
1102 19:23:52 minion systemd[1]: Stopping The Apache HTTP Server.>
1102 19:23:53 minion systemd[1]: httpd.service: Succeeded.
1102 19:23:53 minion systemd[1]: Stopped The Apache HTTP Server.
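
The two habits described above (do not target '*', and dry-run with test=True before applying) can be enforced by a small wrapper. This is an added example, not from the original article: the function names and the JSON sample are constructed, and it assumes the dry run was captured with --out=json --static so that the output is a single JSON document.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample of `salt 'minion' state.highstate test=True --out=json --static`,
# modelled on the dry run above: httpd is installed but the service is stopped.
DRY_RUN_JSON = """
{"minion": {
  "pkg_|-apache-install_|-httpd_|-installed": {
    "__id__": "apache-install", "result": true, "changes": {},
    "comment": "All specified packages are already installed"},
  "service_|-apache-service_|-httpd_|-running": {
    "__id__": "apache-service", "result": null, "changes": {},
    "comment": "Service httpd is set to start"}}}
"""


def check_target(target, accepted_ids):
    """Resolve a glob target against the accepted keys; refuse blanket targets."""
    hits = [m for m in accepted_ids if fnmatchcase(m, target)]
    if not hits:
        raise ValueError(f"{target!r} matches no accepted key")
    if len(accepted_ids) > 1 and len(hits) == len(accepted_ids):
        raise ValueError(f"{target!r} matches every minion; name the hosts instead")
    return hits


def review_dry_run(raw_json):
    """Sort each minion's test=True results into pending changes and failures."""
    report = {}
    for minion, states in json.loads(raw_json).items():
        # Anything that is not a dictionary of states counts as "did not return".
        entry = {"pending": [], "failed": [], "returned": isinstance(states, dict)}
        for key, state in (states.items() if entry["returned"] else ()):
            item = (state.get("__id__", key), state.get("comment", ""))
            if state.get("result") is None:        # would change on a real run
                entry["pending"].append(item)
            elif state.get("result") is False:     # would fail on a real run
                entry["failed"].append(item)
        report[minion] = entry
    return report


def safe_to_apply(report):
    """True only if every minion returned state data and nothing would fail."""
    return all(e["returned"] and not e["failed"] for e in report.values())


if __name__ == "__main__":
    print(check_target("minion", ["master", "minion", "node1"]))
    result = review_dry_run(DRY_RUN_JSON)
    print(result, safe_to_apply(result))
```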

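Data system

SaltStack has two data systems:

Grains
Pillar

SaltStack data system components

SaltStack component: Grains

Grains is one of the important, frequently used components. It records static information about each minion (established facts), that is, common attributes of each minion such as CPU, memory, disk and network information.

What Grains does:

Collects asset information (gathered when the minion starts)

Grains use cases:

Information queries
Target matching on the command line
Target matching in the top file
Target matching in templates

For more detail, see the official documentation: https://docs.saltproject.io/en/latest/topics/pillar

Example: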

[root@master ~]# salt 'minion' grains.items
minion:
    ----------
    biosreleasedate:
        07/29/2019
    biosversion:
        6.00
    cpu_flags:
        - fpu
        - vme
        - de
        - pse
        - tsc
--- divider ---
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            zh_CN
        detectedencoding:
            UTF-8
        timezone:
            CST
    localhost:
        minion
    lsb_distrib_codename:
        CentOS Stream 8
    lsb_distrib_id:
        CentOS Stream
    lsb_distrib_release:
        8
    lvm:
        ----------
        cs:
            - home
            - root
            - swap
    machine_id:
        a5ceba9bfdf34b7fac11ba59e42d4ffa
    manufacturer:
        VMware, Inc.
    master:
        192.168.230.131
    mdadm:
    mem_total:
        780
    nodename:
        minion
    num_cpus:
        2
    num_gpus:
        1
    os:
        CentOS Stream
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        CentOS Stream 8
    osfinger:
        CentOS Stream-8
    osfullname:
        CentOS Stream
    osmajorrelease:
        8
    osrelease:
        8
    osrelease_info:
        - 8
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    pid:
        406137
    productname:
        VMware Virtual Platform
    ps:
        ps -efHww
    pythonexecutable:
        /usr/bin/python3.6
    pythonpath:
        - /usr/bin
        - /usr/lib64/python36.zip
        - /usr/lib64/python3.6
        - /usr/lib64/python3.6/lib-dynload
        - /usr/lib64/python3.6/site-packages
        - /usr/lib/python3.6/site-packages
    pythonversion:
        - 3
        - 6
        - 8
        - final
        - 0
    saltpath:
        /usr/lib/python3.6/site-packages/salt
    saltversion:
        3004
    saltversioninfo:
        - 3004
    selinux:
        ----------
        enabled:
            True
        enforced:
            Permissive
    serialnumber:
        VMware-56 4d cd df 23 18 ee 9c-d3 fc 2f f6 22 dc 91 71
    server_id:
        279719642
    shell:
        /bin/sh
    ssds:
    swap_total:
        2139
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy
        version:
            239
    systempath:
        - /usr/local/sbin
        - /usr/local/bin
        - /usr/sbin
        - /usr/bin
    transactional:
        False
    uid:
        0
    username:
        root
    uuid:
        dfcd4d56-1823-9cee-d3fc-2ff622dc9171
    virtual:
        VMware
    zfs_feature_flags:
        False
    zfs_support:
        False
    zmqversion:    # message queue version
        4.3.4
# Use grains.get to query the IP
[root@master ~]# salt 'minion' grains.get fqdn_ip4
minion:
    - 192.168.230.139

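Two ways to define custom Grains (the second is recommended):

In the minion configuration file: search for grains in that file
Create a grains file under /etc/salt and define them in that file (recommended)

Note: these steps are carried out on the minion host.

Example:

# A restart is needed for this to take effect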
[root@minion ~]# vim /etc/salt/grains 
[root@minion ~]# cat /etc/salt/grains
naicha: dashunaicha
[root@minion ~]# systemctl restart salt-minion
# Check from the master
[root@master ~]# salt 'minion' grains.items
minion:
    Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

salt-run jobs.lookup_jid 20211103030353616214
ERROR: Minions returned with non-zero exit code
[root@master ~]# salt-run jobs.lookup_jid 20211103030353616214
--- divider ---
    mdadm:
    mem_total:
        780
    naicha:
        yuanwei
    nodename:
        minion
    num_cpus:
        2
    num_gpus:
        1
--- divider ---
# Apply the change without restarting
[root@minion ~]# vim /etc/salt/grains 
[root@minion ~]# cat /etc/salt/grains 
naicha: dashunaicha
# Check from the master
[root@master ~]# salt 'minion' saltutil.sync_grains
minion:
[root@master ~]# salt 'minion' grains.get 
minion:
    Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

salt-run jobs.lookup_jid 20211102081955754593
ERROR: Minions returned with non-zero exit code
[root@master ~]# salt-run jobs.lookup_jid 20211102081955754593
--- divider ---
    master:
        192.168.230.131
    mdadm:
    mem_total:
        780
    naicha:
        dashunaicha
    nodename:
        minion
    num_cpus:
        2
    num_gpus:
        1
--- divider ---

SaltStack component: Pillar

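Pillar is one of the important, frequently used components. It is the data management center: its main role is to store and define the data that configuration management needs, such as software version numbers, usernames and passwords.

The master configuration file has a Pillar settings section that defines the Pillar-related parameters: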

#pillar_roots:
#  base:
#    - /srv/pillar

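In the default base environment, the Pillar working directory is /srv/pillar. To give multiple environments different Pillar working directories, change this setting in the configuration file. The storage format is similar to Grains (both are YAML), but Pillar lets you define who can see the data and who can use it.

Pillar characteristics:

Data can be defined for the specific minions that need it
Only those specified can see the defined data
It is configured in the master configuration file

Example:

[root@master ~]# vim /etc/salt/master
pillar_roots:
  base:
    - /srv/pillar/base

[root@master ~]# systemctl restart salt-master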
[root@master ~]# mkdir -p /srv/pillar/base
[root@master ~]# tree /srv
/srv
├── pillar
│   └── base
└── salt
    ├── base
    │   ├── top.sls
    │   └── web
    │       ├── apache
    │       │   └── install.sls
    │       └── nginx
    │           └── install.sls
    ├── dev
    ├── prod
    └── test

10 directories, 3 files
# The pillar query below shows nothing, because one more option in the configuration file is not enabled. Since this is a test I enable it, but be cautious about enabling it later in real work
[root@master ~]# salt '*' pillar.items
node1:
    ----------
minion:
    ----------
master:
    ----------
[root@master ~]# vim /etc/salt/master
pillar_opts: True
[root@master ~]# salt 'minion' pillar.items
--- divider ---
                  new:
                      2.4.37-40.module_el8.5.0+852+0aafc63b
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.48-3.el8
                  old:
              mod_http2:
                  ----------
                  new:
                      1.15.7-3.module_el8.4.0+778+c970deab
                  old:
--- divider ---
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 15:13:22.551856
    Duration: 19706.83 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for minion
------------
Succeeded: 2 (changed=2)
Failed:    0
------------
Total states run:     2
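Total run time:  98.673 s
# There is too much output, so I change the configuration file back before continuing
[root@master ~]# vim /etc/salt/master
pillar_opts: False
# Pillar data is defined under the /srv/pillar directory; using Pillar requires a /srv/pillar/top.sls file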
[root@master ~]# cd /srv/pillar/base/
[root@master base]# ls
[root@master base]# vim apache.sls
[root@master base]# cat apache.sls 
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'CentOS Stream' %}
apache: test
{% endif %}
[root@master base]# vim top.sls
[root@master base]# cat top.sls 
base:
  'minion':
    - apache
[root@master base]# salt '*' pillar.items
node1:
    ----------
minion:
    ----------
    apache:
        test
master:
    ----------
# Under salt, edit the apache state file to reference the pillar data (that is, run it using a variable)
[root@master base]# vim /srv/salt/base/web/apache/install.sls 
[root@master base]# cat /srv/salt/base/web/apache/install.sls 
apache-install:
  pkg.installed:
    - name: {{ pillar['apache'] }}

apache-service:
  service.running:
    - name: {{ pillar['apache'] }}
    - enable: True
[root@master base]# salt 'minion' state.highstate
minion:
    Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

salt-run jobs.lookup_jid 20211103040328456443
ERROR: Minions returned with non-zero exit code
[root@master base]# salt-run jobs.lookup_jid 20211103040328456443
minion:
----------
          ID: apache-install
    Function: pkg.installed
        Name: test
      Result: True
     Comment: Error occurred installing package(s). Additional info follows:
              
              errors:
                  - Running scope as unit: run-r0d4c45b6e2c0419da324fb37cd75ab3a.scope
                    Last metadata expiration check: 0:00:05 ago on Wed Nov  3 12:04:27 2021.
                    No match for argument: test
                    Error: Unable to find a match: test
     Started: 12:04:16.049096
    Duration: 19868.834 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: test
      Result: True
     Comment: The named service test is not available
     Started: 12:04:36.241902
    Duration: 51.633 ms
     Changes:   

Summary for minion
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time:  19.920 s

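The difference between the apache form and the SaltStack form of the command is that in the apache form nothing follows the colon, and the value must also be wrapped in quotes

apache:

apache-install:
  pkg.installed:
    - name:"{{ pillar['apache'] }}"

SaltStack:

apache-install:
  pkg.installed:
    - name: {{ pillar['apache'] }}

Differences between Grains and Pillar

|        | Storage location | Type    | Collection method | Use cases |
|--------|------------------|---------|-------------------|-----------|
| Grains | minion           | static  | Collected when the minion starts; can be refreshed to avoid restarting the minion service | 1. Information queries 2. Target matching on the command line 3. Target matching in the top file 4. Target matching in templates |
| Pillar | master           | dynamic | Specified; takes effect in real time | 1. Target matching 2. Sensitive data configuration |

Additional note: sensitive data configuration means things like passwords.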
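
Because Pillar is where sensitive data is kept, it is worth checking which minions a pillar top file actually delivers each sls to. This is an added example, not from the original article: the db_password sls, its '*' target and the INTENDED policy are hypothetical, the top data is given as an already parsed dictionary, and only the default glob matching on minion id is modelled.

```python
from fnmatch import fnmatchcase

# Parsed form of a pillar top.sls (constructed). The 'minion' -> apache entry is
# the one from the article; db_password and its '*' target are hypothetical.
PILLAR_TOP = {"base": {"minion": ["apache"], "*": ["db_password"]}}
ACCEPTED_KEYS = ["master", "minion", "node1"]
# Hypothetical policy: which minions are meant to receive each sensitive sls.
INTENDED = {"db_password": {"node1"}}


def visible_sls(top, minion_id, saltenv="base"):
    """Pillar sls files a minion receives, using glob matching on its id."""
    seen = []
    for target, sls_list in top.get(saltenv, {}).items():
        if fnmatchcase(minion_id, target):
            seen.extend(s for s in sls_list if s not in seen)
    return seen


def overexposed(top, accepted_keys, intended, saltenv="base"):
    """Map each sensitive sls to the minions that receive it but should not."""
    findings = {}
    for minion_id in accepted_keys:
        for sls in visible_sls(top, minion_id, saltenv):
            if sls in intended and minion_id not in intended[sls]:
                findings.setdefault(sls, []).append(minion_id)
    return findings


def scoped_top(top, intended, saltenv="base"):
    """Rewrite the top data so each sensitive sls is listed only under intended ids."""
    fixed = {}
    for target, sls_list in top.get(saltenv, {}).items():
        kept = [s for s in sls_list if s not in intended]
        if kept:
            fixed[target] = kept
    for sls, minions in intended.items():
        for minion_id in sorted(minions):
            fixed.setdefault(minion_id, []).append(sls)
    return {saltenv: fixed}


if __name__ == "__main__":
    print(overexposed(PILLAR_TOP, ACCEPTED_KEYS, INTENDED))
    print(scoped_top(PILLAR_TOP, INTENDED))
```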

