saltstack简单部署和实践
#Elaine:master;Dylan:minion#利用salt给minion安装包[root@elaine states]# vim /etc/salt/master
default_include: master.d/*.conf interface: 0.0.0.0 ''' state_top: top.sls ''' file_roots: base: - /etc/salt/states prod: - /etc/salt/states/prod '''View Code
[root@elaine states]# vim /etc/salt/states/top.sls
base: 'dylan': - init.pkg #使用init目录下pkg文件 pkg.init: #自定义名字 pkg.installed: #执行pkg.installed模块 - names: #要安装的包名 - lrzsz - mtr - nmapView Code
[root@elaine init]# salt '*' state.sls init.pkg
dylan: ---------- ID: pkg.init Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 14:21:07.973412 Duration: 4582.543 ms Changes: Summary for dylan ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 Total run time: 4.583 s
#利用salt同步minion端的配置文件[root@elaine init]# vim /etc/salt/states/init/limit.sls
/etc/security/limits.conf: #要同步的目标文件名 file.managed: - source: salt://init/files/limits.conf - user: root - group: root - mode: 644 #或 limit-config: #id名 file.managed: - name: /etc/security/limits.conf #要同步的目标文件名 - source: salt://init/files/limits.conf - user: root - group: root - mode: 644View Code
[root@elaine init]# cp /etc/security/limits.conf /etc/salt/states/init/files/[root@elaine states]# vim /etc/salt/states/top.sls
base: 'dylan': - init.pkg - init.limitView Code
#将输出结果return到mysqlmaster端安装MySQL-python包,由master端直接写入mysql,不需要加--return mysql#使用grains定义目标[root@dylan ~]# vim /etc/salt/grains
test: salt_test
[root@elaine ~]# salt '*' saltutil.sync_grains #刷新
dylan:
[root@elaine /]# salt '*' grains.item test
dylan: ---------- test: salt_test
[root@elaine ~]# salt -G 'test:salt_test' test.ping
dylan: True
#grains在top.sls状态文件里[root@elaine /]# vim /etc/salt/states/top.sls
base: 'dylan': - init.pkg 'os:CentOS': - match: grain - init.limitView Code
#使用pillar定义目标[root@elaine /]# mkdir -p /etc/salt/pillar/init[root@elaine init]# vim /etc/salt/master
pillar_roots: base: - /etc/salt/pillar
[root@elaine /]# vim /etc/salt/pillar/top.sls
base: '*': #定义要添加pillar的目标主机 - init.rsyslog #定义要添加pillar的方法文件/etc/salt/pillar/init
[root@elaine /]# vim /etc/salt/pillar/init/rsyslog.sls
{% if grains['osfinger'] == 'CentOS Linux-7' %} syslog: rsyslog {% elif grains['osfinger'] == 'CentOS-5' %} syslog: syslog {% endif %}
[root@elaine init]# systemctl restart salt-master[root@elaine init]# salt '*' saltutil.refresh_pillar
dylan: True
[root@elaine init]# salt '*' pillar.item syslog
dylan: ---------- syslog: rsyslog
[root@elaine init]# [root@elaine init]# salt -I 'syslog:rsyslog' test.ping
dylan: True
#安装配置启动zabbix-agent [root@elaine init]# grep 'Server=' /etc/salt/states/init/files/zabbix_agentd.conf
# Server= Server={{Zabbix_Server}}#将配置文件里要修改的参数加上变量为Zabbix_Server,该配置文件变为模板文件
[root@elaine init]# vim /etc/salt/states/init/zabbix_agent.sls
zabbix_agent: pkg.installed: #安装zabbix-agent - name: zabbix-agent.x86_64 file.managed: #配置zabbix-agent - name: /etc/zabbix/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - user: root - group: root - mode: 644 - template: jinja #声明模板格式 - defaults: Zabbix_Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}#赋予变量Zabbix_Server新的值(这里利用pillar,直接添加值亦可,如:Zabbix_Server: 192.168.35.129) service.running: #启动zabbix-agent - name: zabbix-agent - enable: True #- reload: True #文件更改后reload服务 - watch: #文件更改后重启服务 - file: zabbix_agent
[root@elaine init]# vim /etc/salt/states/top.sls
base: 'dylan': - init.pkg - init.zabbix_agent #在top.sls添加要执行的方法文件zabbix_agent.sls 'os:CentOS': - match: grain - init.limit
#定义pillar [root@elaine init]# cat /etc/salt/pillar/init/zabbix_agent.sls
zabbix-agent: Zabbix_Server: 198.162.35.129
[root@elaine pillar]# cat /etc/salt/pillar/top.sls
base: '*': - init.rsyslog - init.zabbix_agent
#salt.ssh[root@elaine init]# vim /etc/salt/roster
squid: host: 172.16.139.88 user: root passwd: Ch@n93M3?
[root@elaine init]# salt-ssh -i '*' test.ping
squid: True
[root@elaine init]# salt-ssh -i '*' cmd.run 'service squid restart'
squid: 停止 squid:................[确定] 正在启动 squid:.[确定]