saltstack简单部署和实践
#Elaine:master;Dylan:minion#利用salt给minion安装包[root@elaine states]# vim /etc/salt/master
default_include: master.d/*.conf
interface: 0.0.0.0
'''
state_top: top.sls
'''
file_roots:
base:
- /etc/salt/states
prod:
- /etc/salt/states/prod
''' View Code[root@elaine states]# vim /etc/salt/states/top.sls
base:
'dylan':
- init.pkg #使用init目录下pkg文件
pkg.init: #自定义名字
pkg.installed: #执行pkg.installed模块
- names: #要安装的包名
- lrzsz
- mtr
- nmap View Code[root@elaine init]# salt '*' state.sls init.pkg
dylan:
----------
ID: pkg.init
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 14:21:07.973412
Duration: 4582.543 ms
Changes:
Summary for dylan
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 4.583 s #利用salt同步minion端的配置文件[root@elaine init]# vim /etc/salt/states/init/limit.sls
/etc/security/limits.conf: #要同步的目标文件名
file.managed:
- source: salt://init/files/limits.conf
- user: root
- group: root
- mode: 644
#或
limit-config: #id名
file.managed:
- name: /etc/security/limits.conf #要同步的目标文件名
- source: salt://init/files/limits.conf
- user: root
- group: root
- mode: 644 View Code[root@elaine init]# cp /etc/security/limits.conf /etc/salt/states/init/files/[root@elaine states]# vim /etc/salt/states/top.sls
base:
'dylan':
- init.pkg
- init.limit View Code#将输出结果return到mysqlmaster端安装MySQL-python包,由master端直接写入mysql,不需要加--return mysql#使用grains定义目标[root@dylan ~]# vim /etc/salt/grains
test: salt_test
[root@elaine ~]# salt '*' saltutil.sync_grains #刷新
dylan:
[root@elaine /]# salt '*' grains.item test
dylan:
----------
test:
salt_test [root@elaine ~]# salt -G 'test:salt_test' test.ping
dylan:
True #grains在top.sls状态文件里[root@elaine /]# vim /etc/salt/states/top.sls
base:
'dylan':
- init.pkg
'os:CentOS':
- match: grain
- init.limit View Code#使用pillar定义目标[root@elaine /]# mkdir -p /etc/salt/pillar/init[root@elaine init]# vim /etc/salt/master
pillar_roots:
base:
- /etc/salt/pillar [root@elaine /]# vim /etc/salt/pillar/top.sls
base:
'*': #定义要添加pillar的目标主机
- init.rsyslog #定义要添加pillar的方法文件/etc/salt/pillar/init [root@elaine /]# vim /etc/salt/pillar/init/rsyslog.sls
{% if grains['osfinger'] == 'CentOS Linux-7' %}
syslog: rsyslog
{% elif grains['osfinger'] == 'CentOS-5' %}
syslog: syslog
{% endif %} [root@elaine init]# systemctl restart salt-master[root@elaine init]# salt '*' saltutil.refresh_pillar
dylan:
True [root@elaine init]# salt '*' pillar.item syslog
dylan:
----------
syslog:
rsyslog [root@elaine init]# [root@elaine init]# salt -I 'syslog:rsyslog' test.ping
dylan:
True #安装配置启动zabbix-agent [root@elaine init]# grep 'Server=' /etc/salt/states/init/files/zabbix_agentd.conf
# Server=
Server={{Zabbix_Server}}#将配置文件里要修改的参数加上变量为Zabbix_Server,该配置文件变为模板文件 [root@elaine init]# vim /etc/salt/states/init/zabbix_agent.sls
zabbix_agent:
pkg.installed: #安装zabbix-agent
- name: zabbix-agent.x86_64
file.managed: #配置zabbix-agent
- name: /etc/zabbix/zabbix_agentd.conf
- source: salt://init/files/zabbix_agentd.conf
- user: root
- group: root
- mode: 644
- template: jinja #声明模板格式
- defaults:
Zabbix_Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}#赋予变量Zabbix_Server新的值(这里利用pillar,直接添加值亦可,如:Zabbix_Server: 192.168.35.129)
service.running: #启动zabbix-agent
- name: zabbix-agent
- enable: True
#- reload: True #文件更改后reload服务
- watch: #文件更改后重启服务
- file: zabbix_agent [root@elaine init]# vim /etc/salt/states/top.sls
base:
'dylan':
- init.pkg
- init.zabbix_agent #在top.sls添加要执行的方法文件zabbix_agent.sls
'os:CentOS':
- match: grain
- init.limit #定义pillar [root@elaine init]# cat /etc/salt/pillar/init/zabbix_agent.sls
zabbix-agent: Zabbix_Server: 198.162.35.129
[root@elaine pillar]# cat /etc/salt/pillar/top.sls
base:
'*':
- init.rsyslog
- init.zabbix_agent #salt.ssh[root@elaine init]# vim /etc/salt/roster
squid: host: 172.16.139.88 user: root passwd: Ch@n93M3?
[root@elaine init]# salt-ssh -i '*' test.ping
squid:
True [root@elaine init]# salt-ssh -i '*' cmd.run 'service squid restart'
squid:
停止 squid:................[确定]
正在启动 squid:.[确定]