实验目标
1.使用SaltStack部署apache和php,
2.使用salt管理httpd.conf配置文件配置访问info.php使用账户密码
3.在salt里面增加对conf.d目录进行配置管理
4.如何使用salt在追加文件内容
5.学会如何使用 watch require unless
实现步骤
修改master的配置文件,指定base环境路径,base环境是必须指定的
[root@linux-node1 base]# grep -9 ^file_roots /etc/salt/master |grep -v ^# file_roots: base: - /srv/salt/base dev: - /srv/salt/dev test: - /srv/salt/test prod: - /srv/salt/prod
创建目录
[root@linux-node1 base]# mkdir -p /srv/salt/{base,dev,test,prod} [root@linux-node1 base]# tree /srv/salt/ /srv/salt/ ├── base ├── dev ├── prod └── test
重启master
[root@linux-node1 base]# systemctl restart salt-master
在base目录下面创建一个web目录用于存放web相关的sls文件
[root@linux-node1 base]# mkdir -p web
cd到bash/web目录里面创建apache.sls文件
[root@linux-node1 base]# cd web/ [root@linux-node1 web]# cat apache.sls apache-install: #id 名字自己取 需要形象一点, 一个id下面一个状态只能出现一次 pkg.installed: #pkg 是状态模块,installed 是模块里面的方法 - name: httpd #方法里面的参数 apache-service: service.running: - name: httpd - enable: True #设置开机自动启动
#yaml里面格式有严格的要求,注释用#号,不能有table,- 两边需要空格,缩进用2个空格层级关系后面要加分号
执行状态模块部署服务
[root@linux-node1 base]# salt "linux-node2*" state.sls apache linux-node2.example.com: ---------- ID: apache-install Function: pkg.installed Name: httpd Result: True Comment: Package httpd is already installed. Started: 14:58:09.228934 Duration: 633.681 ms Changes: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is running Started: 14:58:09.863302 Duration: 310.567 ms Changes: ---------- httpd: True Summary ------------ Succeeded: 2 (changed=1) Failed: 0 ------------ Total states run: 2
#此时node2 上面已经部署好了apache
高级状态的使用 需要在master配置文件里面打开 state_top: top.sls并重启master
[root@linux-node1 web]# grep -n ^state_top /etc/salt/master
329:state_top: top.sls
[root@linux-node1 web]# systemctl restart salt-master
在bese环境目录下面添加top.sls
[root@linux-node1 base]# more top.sls base: 'linux-node2.example.com': - web.apache 'linux-node1.example.com': - web.apache [root@linux-node1 base]# pwd /srv/salt/base
执行高级模块方法,高级方法到 base下面找top.sls 文件编排告诉每个minion需要干什么,一般生产环境用高级状态多些
[root@linux-node1 base]# salt "*" state.highstate linux-node1.example.com: ---------- ID: apache-install Function: pkg.installed Name: httpd Result: True Comment: Package httpd is already installed. Started: 15:23:08.597951 Duration: 709.521 ms Changes: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 15:23:09.308417 Duration: 233.623 ms Changes: Summary ------------ Succeeded: 2 Failed: 0 ------------ Total states run: 2 linux-node2.example.com: ---------- ID: apache-install Function: pkg.installed Name: httpd Result: True Comment: Package httpd is already installed. Started: 15:23:09.171596 Duration: 721.901 ms Changes: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 15:23:09.894209 Duration: 221.615 ms Changes: Summary ------------ Succeeded: 2 Failed: 0 ------------ Total states run: 2
上面我们使用了2个状态模块pkg和service,下面我们使用file文件配置模块
模块使用参考文档
https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.file.html#module-salt.states.file
在base/web目录下面添加一个lamp.sls,一般在添加里面的内容之前需要在外面找一台服务器进行测试拿到准确的包信息后再进行配置
[root@linux-node1 web]# cat lamp.sls
lamp-install:
pkg.installed:
- pkgs:
- httpd
- php
- php-pdo
- php-mysql
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf #服务实际使用的文件路径
- source: salt://web/files/httpd.conf #salt的源文件用于分发到minion上面 路径是base目录下面的web 这里也支持http和ftp方式
- user: root
- group: root
- mode: 644
php-config:
file.managed:
- name: /etc/php.ini
- source: salt://web/files/php.ini
- user: root
- group: root
- mode: 644
lamp-service:
service.running:
- name: httpd
- enable: True
拷贝源文件到base/web目录下,这个根据自己的实际情况找源文件拷贝过来
[root@linux-node1 web]# cp /etc/httpd/conf/httpd.conf /srv/salt/base/web/files/
[root@linux-node1 web]# cp /etc/php.ini /srv/salt/base/web/files/
执行状态模块部署服务
[root@linux-node1 web]# salt "*" state.sls web.lamp linux-node1.example.com: ---------- ID: lamp-install Function: pkg.installed Result: True Comment: All specified packages are already installed. Started: 15:43:56.883540 Duration: 633.814 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 15:43:57.520199 Duration: 4.242 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 15:43:57.524589 Duration: 4.149 ms Changes: ---------- ID: lamp-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 15:43:57.529404 Duration: 258.952 ms Changes: Summary ------------ Succeeded: 4 Failed: 0 ------------ Total states run: 4 linux-node2.example.com: ---------- ID: lamp-install Function: pkg.installed Result: True Comment: All specified packages are already installed. Started: 15:43:58.566172 Duration: 611.409 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 15:43:59.180091 Duration: 4.063 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 15:43:59.184248 Duration: 3.803 ms Changes: ---------- ID: lamp-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 15:43:59.188496 Duration: 208.1 ms Changes: Summary ------------ Succeeded: 4 Failed: 0 ------------ Total states run: 4
使用file模块下面的recurse方法进行apache的conf.d目录管理配置如下
apache-conf: file.recurse: - name: /etc/httpd/conf.d - source: salt://web/files/apache-conf.d
创建salt源目录,并拷贝数据导源文件目录,数据文件来源根据自己业务的实际情况
[root@linux-node1 ~]# mkdir /srv/salt/base/web/files/apache-conf.d [root@linux-node1 ~]# cd /srv/salt/base/web/files/apache-conf.d/ [root@linux-node1 apache-conf.d]# cp -a /etc/httpd/conf.d/* . [root@linux-node1 apache-conf.d]# ls autoindex.conf php.conf README userdir.conf welcome.conf [root@linux-node1 apache-conf.d]#
测试在files/apache-conf.d/welcome.conf 添加一行#xiewenming test
[root@linux-node1 files]# echo "#xieweming test" >> apache-conf.d/welcome.conf
验证目录管理是否生效
可以先使用test=True 只做测试,不会在minion节点上面真正执行,确认无问题后再让minion去执行
[root@linux-node1 files]# salt "linux-node2*" state.highstate test=True linux-node2.example.com: ---------- ID: lamp-install Function: pkg.installed Result: True Comment: All specified packages are already installed. Started: 16:12:56.440265 Duration: 666.288 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: The file /etc/httpd/conf/httpd.conf is in the correct state Started: 16:12:57.108448 Duration: 3.959 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: The file /etc/php.ini is in the correct state Started: 16:12:57.112503 Duration: 3.61 ms Changes: ---------- ID: lamp-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 16:12:57.116505 Duration: 244.585 ms Changes: ---------- ID: apache-conf Function: file.recurse Name: /etc/httpd/conf.d Result: None Comment: #### /etc/httpd/conf.d/welcome.conf #### The file /etc/httpd/conf.d/welcome.conf is set to be changed Started: 16:12:57.361390 Duration: 1096.52 ms Changes: ---------- /etc/httpd/conf.d/welcome.conf: ---------- diff: --- +++ @@ -20,3 +20,4 @@ Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png +#xieweming test Summary ------------ Succeeded: 5 (unchanged=1, changed=1) Failed: 0 ------------ Total states run: 5
验证没有问题在node1和node2上面都执行
我们这里就2台所有可以直接用*
[root@linux-node1 files]# salt "*" state.highstate linux-node1.example.com: ---------- ID: lamp-install Function: pkg.installed Result: True Comment: All specified packages are already installed. Started: 16:19:31.724191 Duration: 782.903 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 16:19:32.509438 Duration: 4.62 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 16:19:32.514200 Duration: 4.418 ms Changes: ---------- ID: lamp-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 16:19:32.519273 Duration: 234.566 ms Changes: ---------- ID: apache-conf Function: file.recurse Name: /etc/httpd/conf.d Result: True Comment: Recursively updated /etc/httpd/conf.d Started: 16:19:32.754002 Duration: 1082.389 ms Changes: ---------- /etc/httpd/conf.d/welcome.conf: ---------- diff: --- +++ @@ -20,3 +20,4 @@ Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png +#xieweming test Summary ------------ Succeeded: 5 (changed=1) Failed: 0 ------------ Total states run: 5 linux-node2.example.com: ---------- ID: lamp-install Function: pkg.installed Result: True Comment: All specified packages are already installed. Started: 16:19:32.296865 Duration: 789.23 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 16:19:33.089019 Duration: 3.807 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 16:19:33.092933 Duration: 3.459 ms Changes: ---------- ID: lamp-service Function: service.running Name: httpd Result: True Comment: Service httpd is already enabled, and is in the desired state Started: 16:19:33.096823 Duration: 232.349 ms Changes: ---------- ID: apache-conf Function: file.recurse Name: /etc/httpd/conf.d Result: True Comment: Recursively updated /etc/httpd/conf.d Started: 16:19:33.329410 Duration: 1079.801 ms Changes: ---------- /etc/httpd/conf.d/welcome.conf: ---------- diff: --- +++ @@ -20,3 +20,4 @@ Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png +#xieweming test Summary ------------ Succeeded: 5 (changed=1) Failed: 0 ------------ Total states run: 5