SaltStack配置管理--状态间的关系
1、include的引用
需求场景:用于含有多个SLS的状态,使用include可以进行多个状态的组合
[root@linux-node1 prod]# pwd
/srv/salt/prod
[root@linux-node1 prod]# vim lamp.sls
include:
- apache.init
- php.init
- mysql.init
[root@linux-node1 prod]# vim ../base/top.sls
prod:
'linux-node1.example.com':
- lamp
[root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate
linux-node1.example.com:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 09:29:20.324067
Duration: 984.864 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 09:29:21.311111
Duration: 50.95 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 09:29:21.362769
Duration: 52.404 ms
Changes:
----------
ID: php-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 09:29:21.415555
Duration: 0.693 ms
Changes:
----------
ID: php-config
Function: file.managed
Name: /etc/php.ini
Result: True
Comment: File /etc/php.ini is in the correct state
Started: 09:29:21.416438
Duration: 15.578 ms
Changes:
----------
ID: mysql-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 09:29:21.432162
Duration: 0.542 ms
Changes:
----------
ID: mysql-config
Function: file.managed
Name: /etc/my.cnf
Result: True
Comment: File /etc/my.cnf is in the correct state
Started: 09:29:21.432807
Duration: 38.858 ms
Changes:
----------
ID: mysql-service
Function: service.running
Name: mariadb
Result: True
Comment: The service mariadb is already running
Started: 09:29:21.471799
Duration: 38.431 ms
Changes:
Summary for linux-node1.example.com
------------
Succeeded: 8
Failed: 0
------------
Total states run: 8
Total run time: 1.182 s
2、extend的使用
需求场景:软件包安装的时候,需求假设:只在node1上按装php-mbstring包,其他的机器不安装。
[root@linux-node1 prod]# pwd
/srv/salt/prod
[root@linux-node1 prod]# vim lamp.sls
include:
- apache.init
- php.init
- mysql.init
extend:
php-install:
pkg.installed:
- name: php-mbstring
[root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate
3、require和require_in的使用
require:我依赖谁
require_in:我被谁依赖
需求场景:如果安装不成功或者配置httpd不成功,不启动httpd
(1)require使用
[root@linux-node1 apache]# pwd
/srv/salt/prod/apache
[root@linux-node1 apache]# systemctl stop httpd
[root@linux-node1 apache]# vim init_require.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd1.conf----->将此处的文件改错,模拟配置错误
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- require:---------------------------->使用require,表示依赖
- pkg: apache-install--------------->依赖的状态模块为pkg模块,id为apache-install
- file: apache-config--------------->依赖的状态模块为file模块,id为apache-config
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate #执行模块提示会有报错,此时httpd不会正常启动
......
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: False
Comment: Source file salt://apache/files/httpd1.conf not found
Started: 09:48:33.459243
Duration: 40.414 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: False
Comment: One or more requisite failed: apache.init.apache-config
Changes:
----------
......
Summary for linux-node1.example.com
------------
Succeeded: 6
Failed: 2
------------
Total states run: 8
Total run time: 1.110 s
[root@linux-node1 apache]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Sat 2018-01-20 09:44:04 CST; 4min 59s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 65439 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 1025 (code=exited, status=0/SUCCESS)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
Jan 17 10:41:59 linux-node1 systemd[1]: Starting The Apache HTTP Server...
Jan 17 10:42:02 linux-node1 systemd[1]: Started The Apache HTTP Server.
Jan 18 03:49:02 linux-node1 systemd[1]: Reloaded The Apache HTTP Server.
Jan 20 09:43:53 linux-node1 systemd[1]: Stopping The Apache HTTP Server...
Jan 20 09:44:04 linux-node1 systemd[1]: Stopped The Apache HTTP Server.
(2)require_in使用
[root@linux-node1 apache]# vim init_require_in.sls
apache-install:
pkg.installed:
- name: httpd
- require_in:------------------>被依赖
- service: apache-service---->被依赖的模块是service,id为apache-service
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
- require_in:
- service: apache-service
apache-service:
service.running:
- name: httpd
- enable: True
解释说明:require和require_in都能实现依赖的功能,主动和被动的关系不同
4、watch和watch_in的使用
需求场景:监控配置文件变动,重启服务或重载服务
[root@linux-node1 apache]# pwd
/srv/salt/prod/apache
[root@linux-node1 apache]# vim init_watch.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- watch:---------------------->使用watch
- file: apache-config------->监控的模块为file,id为apache-config
[root@linux-node1 apache]# vim files/httpd.conf #随意修改配置文件
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
......
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 10:07:14.430189
Duration: 55.133 ms
Changes:
----------
diff:
---
+++
@@ -1,4 +1,5 @@
#
+#hahahaaha--------------->检测到配置文件增加的内容
#hahahaaha
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service restarted---------------------->将服务重启
Started: 10:07:14.533852
Duration: 1219.798 ms
Changes:
----------
httpd:
True
......
#增加reload参数,让服务重载
[root@linux-node1 apache]# vim init_watch.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True----------------------------------->增加参数重载
- watch:
- file: apache-config
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated------>检测文件有变化
Started: 10:10:08.493557
Duration: 53.016 ms
Changes:
----------
diff:
---
+++
@@ -1,4 +1,5 @@
#
+#hahahaaha
#hahahaaha
#hahahaaha
# This is the main Apache HTTP server configuration file. It contains the
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded---------------->服务重载
Started: 10:10:08.596434
Duration: 158.753 ms
Changes:
----------
httpd:
True
----------
#watch_in的使用和require_in是一样的
5、unless:状态间的条件判断
需求场景:给apache的admin目录进行加密登陆查看
(1)修改配置文件,添加认证功能
[root@linux-node1 apache]# vim files/httpd.conf
<Directory "/var/www/html/admin">
AllowOverride All
Order allow,deny
Allow from all
AuthType Basic
AuthName "haha"
AuthUserFile /etc/httpd/conf/htpasswd_file
Require user admin
</Directory>
(2)修改状态文件init.sls
[root@linux-node1 apache]# vim init.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-auth:
pkg.installed:
- name: httpd-tools
cmd.run:------>使用cmd模块的run方法
- name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin---->生成密码文件
- unless: test -f /etc/httpd/conf/htpasswd_file---->unless判断条件,test -f判断为假则执行。即htpasswd文件如果不存在就执行生成密码
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-config
[root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate
......
----------
ID: apache-auth
Function: cmd.run
Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
Result: True
Comment: Command "htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin" run
Started: 10:34:54.930867
Duration: 48.152 ms
Changes:
----------
pid:
4166
retcode:
0
stderr:
Adding password for user admin
stdout:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 10:34:55.014468
Duration: 162.844 ms
Changes:
----------
httpd:
True
......
浏览器访问192.168.56.11/admin/index.html会出现密码验证
版权声明:原创作品,如需转载,请注明出处。否则将追究法律责任
本文转自 IT_外卖小哥 51CTO博客,原文链接:http://blog.51cto.com/jinlong/2063206