1. 程式人生 > >SaltStack配置管理--狀態間的關系

SaltStack配置管理--狀態間的關系

瀏覽器 diff 組合 roc test found std highstate 文件

SaltStack配置管理--狀態間的關系

1、include的引用

需求場景:用於含有多個SLS的狀態,使用include可以進行多個狀態的組合

[root@linux-node1 prod]# pwd
/srv/salt/prod
[root@linux-node1 prod]# vim lamp.sls
include:
  - apache.init
  - php.init
  - mysql.init
[root@linux-node1 prod]# vim ../base/top.sls 
prod:
  ‘linux-node1.example.com‘:
    - lamp
[root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate
linux-node1.example.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 09:29:20.324067
    Duration: 984.864 ms
     Changes:   
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 09:29:21.311111
    Duration: 50.95 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 09:29:21.362769
    Duration: 52.404 ms
     Changes:   
----------
          ID: php-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 09:29:21.415555
    Duration: 0.693 ms
     Changes:   
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 09:29:21.416438
    Duration: 15.578 ms
     Changes:   
----------
          ID: mysql-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 09:29:21.432162
    Duration: 0.542 ms
     Changes:   
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 09:29:21.432807
    Duration: 38.858 ms
     Changes:   
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 09:29:21.471799
    Duration: 38.431 ms
     Changes:   

Summary for linux-node1.example.com
------------
Succeeded: 8
Failed:    0
------------
Total states run:     8
Total run time:   1.182 s

2、extend的使用

需求場景:軟件包安裝的時候,需求假設:只在node1上按裝php-mbstring包,其他的機器不安裝。

[root@linux-node1 prod]# pwd
/srv/salt/prod
[root@linux-node1 prod]# vim lamp.sls 
include:
  - apache.init
  - php.init
  - mysql.init

extend:
  php-install:
    pkg.installed:
      - name: php-mbstring
[root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate

3、require和require_in的使用

require:我依賴誰
require_in:我被誰依賴
需求場景:如果安裝不成功或者配置httpd不成功,不啟動httpd

(1)require使用
[root@linux-node1 apache]# pwd
/srv/salt/prod/apache
[root@linux-node1 apache]# systemctl stop httpd
[root@linux-node1 apache]# vim init_require.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd1.conf----->將此處的文件改錯,模擬配置錯誤
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - require:---------------------------->使用require,表示依賴
      - pkg: apache-install--------------->依賴的狀態模塊為pkg模塊,id為apache-install
      - file: apache-config--------------->依賴的狀態模塊為file模塊,id為apache-config
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate   #執行模塊提示會有報錯,此時httpd不會正常啟動
......
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: False
     Comment: Source file salt://apache/files/httpd1.conf not found
     Started: 09:48:33.459243
    Duration: 40.414 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: False
     Comment: One or more requisite failed: apache.init.apache-config
     Changes:   
----------
......
Summary for linux-node1.example.com
------------
Succeeded: 6
Failed:    2
------------
Total states run:     8
Total run time:   1.110 s
[root@linux-node1 apache]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Sat 2018-01-20 09:44:04 CST; 4min 59s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 65439 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 1025 (code=exited, status=0/SUCCESS)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"

Jan 17 10:41:59 linux-node1 systemd[1]: Starting The Apache HTTP Server...
Jan 17 10:42:02 linux-node1 systemd[1]: Started The Apache HTTP Server.
Jan 18 03:49:02 linux-node1 systemd[1]: Reloaded The Apache HTTP Server.
Jan 20 09:43:53 linux-node1 systemd[1]: Stopping The Apache HTTP Server...
Jan 20 09:44:04 linux-node1 systemd[1]: Stopped The Apache HTTP Server.

(2)require_in使用
[root@linux-node1 apache]# vim init_require_in.sls 
apache-install:
  pkg.installed:
    - name: httpd
    - require_in:------------------>被依賴
      - service: apache-service---->被依賴的模塊是service,id為apache-service

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require_in:
      - service: apache-service

apache-service:
  service.running:
    - name: httpd
    - enable: True

解釋說明:require和require_in都能實現依賴的功能,主動和被動的關系不同

4、watch和watch_in的使用

需求場景:監控配置文件變動,重啟服務或重載服務

[root@linux-node1 apache]# pwd
/srv/salt/prod/apache
[root@linux-node1 apache]# vim init_watch.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - watch:---------------------->使用watch
      - file: apache-config------->監控的模塊為file,id為apache-config
[root@linux-node1 apache]# vim files/httpd.conf   #隨意修改配置文件
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
......
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 10:07:14.430189
    Duration: 55.133 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,4 +1,5 @@
                   #
                  +#hahahaaha--------------->檢測到配置文件增加的內容
                   #hahahaaha
                   # This is the main Apache HTTP server configuration file.  It contains the
                   # configuration directives that give the server its instructions.
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service restarted---------------------->將服務重啟
     Started: 10:07:14.533852
    Duration: 1219.798 ms
     Changes:   
              ----------
              httpd:
                  True
......

#增加reload參數,讓服務重載
[root@linux-node1 apache]# vim init_watch.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True----------------------------------->增加參數重載
    - watch:
      - file: apache-config

[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated------>檢測文件有變化
     Started: 10:10:08.493557
    Duration: 53.016 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,4 +1,5 @@
                   #
                  +#hahahaaha
                   #hahahaaha
                   #hahahaaha
                   # This is the main Apache HTTP server configuration file.  It contains the
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service reloaded---------------->服務重載
     Started: 10:10:08.596434
    Duration: 158.753 ms
     Changes:   
              ----------
              httpd:
                  True
----------
#watch_in的使用和require_in是一樣的

5、unless:狀態間的條件判斷

需求場景:給apache的admin目錄進行加密登陸查看

(1)修改配置文件,添加認證功能
[root@linux-node1 apache]# vim files/httpd.conf 
<Directory "/var/www/html/admin">
        AllowOverride All
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "haha"
        AuthUserFile /etc/httpd/conf/htpasswd_file
        Require user admin
</Directory>

(2)修改狀態文件init.sls
[root@linux-node1 apache]# vim init.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:------>使用cmd模塊的run方法
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin---->生成密碼文件
    - unless: test -f /etc/httpd/conf/htpasswd_file---->unless判斷條件,test -f判斷為假則執行。即htpasswd文件如果不存在就執行生成密碼

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config

[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
......
----------
          ID: apache-auth
    Function: cmd.run
        Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
      Result: True
     Comment: Command "htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin" run
     Started: 10:34:54.930867
    Duration: 48.152 ms
     Changes:   
              ----------
              pid:
                  4166
              retcode:
                  0
              stderr:
                  Adding password for user admin
              stdout:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service reloaded
     Started: 10:34:55.014468
    Duration: 162.844 ms
     Changes:   
              ----------
              httpd:
                  True
......

瀏覽器訪問192.168.56.11/admin/index.html會出現密碼驗證

SaltStack配置管理--狀態間的關系