vim /etc/salt/master:
[root@localhost pillar]# mkdir /srv/salt/base [root@localhost pillar]# mkdir /srv/salt/test [root@localhost pillar]# mkdir /srv/salt/prod
[root@localhost base]# salt '*' state.sls dns 192.168.240.130: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf updated Started: 07:03:37.898401 Duration: 26.143 ms Changes: ---------- diff: --- +++ @@ -1,3 +1,1 @@ -; generated by /sbin/dhclient-script -search localdomain -nameserver 223.5.5.5 +nameserver 10.0.0.2 Summary ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 192.168.240.131: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf updated Started: 07:03:37.706662 Duration: 77.298 ms Changes: ---------- diff: --- +++ @@ -1,3 +1,1 @@ -; generated by /sbin/dhclient-script -search localdomain -nameserver 192.168.240.2 +nameserver 10.0.0.2 Summary ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 [root@localhost base]# cat /etc/resolv.conf nameserver 10.0.0.2
- YAML使用一个固定的缩进风格表示数据层结构关系
- Salt需要每个缩进级别由两个空格组成。
- 不要使用tabs
系统初始化
# Baseline ("init") states applied to every minion through the base top file.
[root@localhost base]# pwd
/srv/salt/base
[root@localhost base]# tree
.
├── init
│   ├── audit.sls
│   ├── dns.sls
│   ├── env_init.sls
│   ├── files
│   │   └── resolv.conf
│   ├── history.sls
│   └── sysctl.sls
└── top.sls

2 directories, 7 files
[root@localhost base]# cat top.sls
# Every minion ('*') gets init.env_init.
base:
  '*':
    - init.env_init
[root@localhost base]# cat init/env_init.sls
# Aggregates the individual baseline states so top.sls needs one entry.
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
[root@localhost base]# cat init/audit.sls
# Appends a PROMPT_COMMAND to /etc/bashrc: at each bash prompt the last history
# entry is sent to syslog through logger, tagged with whoami, `who am i` and pwd.
# NOTE(review): this is a convenience trail, not a tamper-resistant audit log.
# The variable lives in the user's own shell and can be unset or overridden,
# and anything typed on a command line (including secrets) lands in syslog.
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'
[root@localhost base]# cat init/dns.sls
# Replaces /etc/resolv.conf with the copy held on the master's fileserver.
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: 644
[root@localhost base]# cat init/history.sls
# Adds a timestamp and the user name to each shell history entry.
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "
[root@localhost base]# cat init/sysctl.sls
vm.swappiness:
  sysctl.present:
    - value: 0
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
# NOTE(review): fs.file-max is the system-wide open-file limit; 10000 looks low
# next to the haproxy configuration on this page (maxconn 100000) - confirm.
fs.file-max:
  sysctl.present:
    - value: 10000
[root@localhost base]# cat init/files/resolv.conf
nameserver 223.5.5.5
# test=True is a dry run that only reports what would change.
[root@localhost base]# salt '*' state.highstate test=True
// To apply for real: salt '*' state.highstate
功能模块
# Layout for the prod environment: a shared package state plus the haproxy module.
[root@localhost ~]# mkdir /srv/salt/prod/pkg
[root@localhost ~]# mkdir /srv/salt/prod/haproxy
[root@localhost ~]# mkdir /srv/salt/prod/haproxy/files
[root@localhost ~]# cd /srv/salt/prod/pkg/
[root@localhost pkg]# vim pkg-init.sls
[root@localhost pkg]# cat pkg-init.sls
# Build prerequisites pulled in by the source-install states via "include".
# NOTE(review): every minion that includes this keeps a compiler toolchain
# installed; building once and shipping a package would avoid that on the
# production proxies.
pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
状态模块:状态间关系
功能:条件判断,主要用于cmd状态模块
常用方法:
- onlyif:用于检查的命令,仅当"onlyif"选项指定的命令返回true(退出状态码为0)时才执行name定义的命令
- unless:用于检查的命令,仅当"unless"选项指定的命令返回false(退出状态码非0)时才执行name指向的命令
功能名称:requisites
功能:处理状态间关系
常用方法:
- require 我依赖某个状态
- require_in 我被某个状态依赖
- watch 我关注某个状态
- watch_in 我被某个状态关注
# Source install of haproxy: ship the tarball, build it, register the init script.
[root@localhost haproxy]# pwd
/srv/salt/prod/haproxy
[root@localhost haproxy]# cat install.sls
include:
  - pkg.pkg-init

haproxy-install:
  # The tarball is served from the master's fileserver; how it was obtained and
  # whether its checksum was verified is not shown on this page. It is compiled
  # and installed as root, so check the upstream digest before placing it under
  # files/.
  # NOTE(review): an archive does not need the execute bit; mode 644 would do.
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz
    - user: root
    - group: root
    - mode: 755
  # "unless" only tests that the prefix directory exists, so an interrupted
  # build that left the directory behind is never retried.
  # NOTE(review): the release is pinned to 1.6.2; confirm it still receives
  # security fixes before using this outside a lab.
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-init
      - file: haproxy-install

haproxy-init:
  # Installs the SysV init script only after the build command has run.
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  # Registers the service with chkconfig unless it is already listed.
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: /etc/init.d/haproxy

# Lets a process bind to an address the host does not currently hold;
# presumably so haproxy can listen on the keepalived VIP - confirm.
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755
[root@localhost haproxy]# salt '192.168.240.130' state.sls haproxy.install env=prod 192.168.240.130: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: Package gcc is already installed. Started: 15:46:14.985990 Duration: 1379.723 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: Package glibc is already installed. Started: 15:46:16.367221 Duration: 0.574 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: Package openssl is already installed. Started: 15:46:16.367894 Duration: 0.757 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: Package openssl-devel is already installed. Started: 15:46:16.368891 Duration: 0.574 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: Package autoconf is already installed. Started: 15:46:16.369611 Duration: 0.616 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: Package gcc-c++ is already installed. Started: 15:46:16.370403 Duration: 0.589 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: Package make is already installed. 
Started: 15:46:16.371081 Duration: 0.387 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.6.2.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.6.2.tar.gz updated Started: 15:46:16.429228 Duration: 15.668 ms Changes: ---------- mode: 0755 ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless execution succeeded Started: 15:46:16.456300 Duration: 6.445 ms Changes: ---------- ID: haproxy-init Function: file.managed Name: /etc/init.d/haproxy Result: True Comment: File /etc/init.d/haproxy updated Started: 15:46:16.463460 Duration: 198.725 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: Command "chkconfig --add haproxy" run Started: 15:46:16.663185 Duration: 142.247 ms Changes: ---------- pid: 4496 retcode: 0 stderr: stdout: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_nonlocal_bind = 1 Started: 15:46:16.807326 Duration: 53.294 ms Changes: ---------- net.ipv4.ip_nonlocal_bind: 1 ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: Directory /etc/haproxy updated Started: 15:46:16.861046 Duration: 2.699 ms Changes: ---------- /etc/haproxy: New Dir Summary ------------- Succeeded: 13 (changed=5) Failed: 0 ------------- Total states run: 13
[root@localhost files]# pwd
/srv/salt/prod/cluster/files
[root@localhost files]# cat haproxy-outside.cfg
# HAProxy configuration for the outward-facing load balancer.
global
    maxconn 100000
    # The process is chrooted and runs as uid/gid 99 after start-up.
    chroot /usr/local/haproxy
    uid 99
    gid 99
    daemon
    nbproc 1
    pidfile /usr/local/haproxy/logs/haproxy.pid
    log 127.0.0.1 local3 info

defaults
    option http-keep-alive
    maxconn 100000
    mode http
    # NOTE(review): only connect and client timeouts are set; no "timeout server"
    # appears in this file.
    timeout connect 5000ms
    timeout client 50000ms

# NOTE(review): the statistics page listens on every interface (0.0.0.0:8888)
# and is protected by a fixed user:password stored in plaintext, both in the
# fileserver copy and in the deployed /etc/haproxy/haproxy.cfg (managed with
# mode 644 on this page, i.e. readable by any local user). Bind it to a
# management address, and supply the credential from pillar instead of
# committing it with the states.
listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    stats uri /haproxy-status
    stats auth haproxy:saltstack

frontend frontend_www_example_com
    bind 192.168.240.131:80
    mode http
    option httplog
    log global
    default_backend backend_www_example_com

backend backend_www_example_com
    # Adds the client address as X-REAL-IP; backends should trust that header
    # only on connections that arrive from this proxy.
    option forwardfor header X-REAL-IP
    option httpchk HEAD / HTTP/1.0
    balance source
    server web-node1 192.168.240.130:8080 check inter 2000 rise 30 fall 15
    server web-node2 192.168.240.131:8080 check inter 2000 rise 30 fall 15
[root@localhost cluster]# pwd
/srv/salt/prod/cluster
[root@localhost cluster]# cat haproxy-outside.sls
# Business-level state: reuse the haproxy install module, push this cluster's
# configuration and keep the service running.
include:
  - haproxy.install

haproxy-service:
  # NOTE(review): the managed file carries the "stats auth" user:password shown
  # in haproxy-outside.cfg; with mode 644 any local user can read it. A tighter
  # mode such as 640 is worth testing.
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 644
  # "watch" on the config file plus "reload: True" means a changed haproxy.cfg
  # triggers a reload rather than a full restart.
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-init
    - watch:
      - file: haproxy-service
[root@localhost base]# pwd
/srv/salt/base
[root@localhost base]# cat top.sls
# base applies to every minion; prod assigns the haproxy cluster state to the
# two minions by ID.
base:
  '*':
    - init.env_init
prod:
  '192.168.240.130':
    - cluster.haproxy-outside
  '192.168.240.131':
    - cluster.haproxy-outside
[root@localhost files]# cat haproxy.init
#!/bin/sh
#
# chkconfig: - 85 15
# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
#              for high availability environments.
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid

# Script Author: Simon Matter <[email protected]>
# Version: 2004060600

# Source function library.
# (daemon, killproc and status used below are expected to come from it.)
if [ -f /etc/init.d/functions ]; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
  . /etc/rc.d/init.d/functions
else
  exit 0
fi

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
# NOTE(review): ${NETWORKING} is unquoted, so an unset or empty value makes the
# test itself fail with a syntax error instead of comparing cleanly.
[ ${NETWORKING} = "no" ] && exit 0

# This is our service name
# It is taken from $0 (or from the symlink target when $0 is a link) and then
# used to build the binary, config, pid-file and lock-file paths. The
# expansions are unquoted, which is only safe because the script is installed
# under the fixed name "haproxy".
BASENAME=`basename $0`
if [ -L $0 ]; then
  BASENAME=`find $0 -name $BASENAME -printf %l`
  BASENAME=`basename $BASENAME`
fi

# Modified here: BIN points at the source-install prefix.
BIN=/usr/local/haproxy/sbin/$BASENAME

CFG=/etc/$BASENAME/$BASENAME.cfg
[ -f $CFG ] || exit 1

PIDFILE=/var/run/$BASENAME.pid
LOCKFILE=/var/lock/subsys/$BASENAME

RETVAL=0

# Validate the configuration, then start the daemon and create the lock file.
start() {
  quiet_check
  if [ $? -ne 0 ]; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi

  echo -n "Starting $BASENAME: "
  daemon $BIN -D -f $CFG -p $PIDFILE
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && touch $LOCKFILE
  return $RETVAL
}

# Signal the running process with USR1 and remove lock and pid files on success.
stop() {
  echo -n "Shutting down $BASENAME: "
  killproc $BASENAME -USR1
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
  [ $RETVAL -eq 0 ] && rm -f $PIDFILE
  return $RETVAL
}

# Refuse to restart when the configuration does not pass the check, so a bad
# config cannot take down a running proxy.
restart() {
  quiet_check
  if [ $? -ne 0 ]; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi
  stop
  start
}

# No-op when there is no pid file; otherwise validate the config and start a
# new process that is handed the old pids through -sf.
reload() {
  if ! [ -s $PIDFILE ]; then
    return 0
  fi

  quiet_check
  if [ $? -ne 0 ]; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi
  $BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)
}

# Configuration check with verbose output (-V).
check() {
  $BIN -c -q -V -f $CFG
}

# Same check without -V; only the exit status is used by the callers above.
quiet_check() {
  $BIN -c -q -f $CFG
}

rhstatus() {
  status $BASENAME
}

# Restart only when the lock file shows the service was started by this script.
condrestart() {
  [ -e $LOCKFILE ] && restart || :
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  condrestart)
    condrestart
    ;;
  status)
    rhstatus
    ;;
  check)
    check
    ;;
  *)
    echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
    exit 1
esac

exit $?
[root@localhost ~]# salt '*' state.highstate test=True
[root@localhost files]# salt '*' state.highstate 192.168.240.130: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf is in the correct state Started: 16:35:03.443126 Duration: 48.101 ms Changes: ---------- ID: /etc/profile Function: file.append Result: True Comment: File /etc/profile is in correct state Started: 16:35:03.491434 Duration: 4.796 ms Changes: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: File /etc/bashrc is in correct state Started: 16:35:03.496467 Duration: 13.05 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Sysctl value vm.swappiness = 0 is already set Started: 16:35:03.511323 Duration: 77.236 ms Changes: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set Started: 16:35:03.588869 Duration: 67.701 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Sysctl value fs.file-max = 10000 is already set Started: 16:35:03.656870 Duration: 65.108 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: Package gcc is already installed. Started: 16:35:04.238573 Duration: 647.308 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: Package glibc is already installed. Started: 16:35:04.886188 Duration: 1.064 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: Package openssl is already installed. Started: 16:35:04.887613 Duration: 0.722 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: Package openssl-devel is already installed. Started: 16:35:04.888447 Duration: 0.557 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: Package autoconf is already installed. 
Started: 16:35:04.889158 Duration: 0.463 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: Package gcc-c++ is already installed. Started: 16:35:04.889704 Duration: 0.648 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: Package make is already installed. Started: 16:35:04.890510 Duration: 0.684 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.6.2.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state Started: 16:35:04.891378 Duration: 13.058 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless execution succeeded Started: 16:35:04.906702 Duration: 8.296 ms Changes: ---------- ID: haproxy-init Function: file.managed Name: /etc/init.d/haproxy Result: True Comment: File /etc/init.d/haproxy is in the correct state Started: 16:35:04.915827 Duration: 5.704 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless execution succeeded Started: 16:35:04.922560 Duration: 24.861 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 16:35:04.948053 Duration: 32.289 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: Directory /etc/haproxy is in the correct state Started: 16:35:04.980629 Duration: 4.732 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: File /etc/haproxy/haproxy.cfg is in the correct state Started: 16:35:04.985550 Duration: 3.79 ms Changes: ---------- ID: haproxy-service Function: 
service.running Name: haproxy Result: True Comment: Service haproxy is already enabled, and is in the desired state Started: 16:35:04.992417 Duration: 52.617 ms Changes: Summary ------------- Succeeded: 21 Failed: 0 ------------- Total states run: 21 192.168.240.131: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf is in the correct state Started: 16:35:03.520359 Duration: 47.809 ms Changes: ---------- ID: /etc/profile Function: file.append Result: True Comment: File /etc/profile is in correct state Started: 16:35:03.568403 Duration: 4.649 ms Changes: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: File /etc/bashrc is in correct state Started: 16:35:03.573241 Duration: 6.758 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Sysctl value vm.swappiness = 0 is already set Started: 16:35:03.581378 Duration: 93.423 ms Changes: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set Started: 16:35:03.675126 Duration: 84.678 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Sysctl value fs.file-max = 10000 is already set Started: 16:35:03.760214 Duration: 55.399 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: Package gcc is already installed. Started: 16:35:04.331800 Duration: 668.208 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: Package glibc is already installed. Started: 16:35:05.000254 Duration: 0.607 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: Package openssl is already installed. Started: 16:35:05.000970 Duration: 0.363 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: Package openssl-devel is already installed. 
Started: 16:35:05.001450 Duration: 0.354 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: Package autoconf is already installed. Started: 16:35:05.001886 Duration: 0.531 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: Package gcc-c++ is already installed. Started: 16:35:05.002563 Duration: 0.342 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: Package make is already installed. Started: 16:35:05.003026 Duration: 0.335 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.6.2.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state Started: 16:35:05.003481 Duration: 14.905 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless execution succeeded Started: 16:35:05.022058 Duration: 9.325 ms Changes: ---------- ID: haproxy-init Function: file.managed Name: /etc/init.d/haproxy Result: True Comment: File /etc/init.d/haproxy is in the correct state Started: 16:35:05.032195 Duration: 4.525 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless execution succeeded Started: 16:35:05.037914 Duration: 25.515 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 16:35:05.063804 Duration: 36.982 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: Directory /etc/haproxy is in the correct state Started: 16:35:05.101099 Duration: 1.133 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg 
Result: True Comment: File /etc/haproxy/haproxy.cfg is in the correct state Started: 16:35:05.102335 Duration: 3.273 ms Changes: ---------- ID: haproxy-service Function: service.running Name: haproxy Result: True Comment: Service haproxy is already enabled, and is in the desired state Started: 16:35:05.107174 Duration: 52.191 ms Changes: Summary ------------- Succeeded: 21 Failed: 0 ------------- Total states run: 21
[root@localhost files]# salt '*' state.highstate 192.168.240.130: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf is in the correct state Started: 16:49:26.242598 Duration: 34.161 ms Changes: ---------- ID: /etc/profile Function: file.append Result: True Comment: File /etc/profile is in correct state Started: 16:49:26.276902 Duration: 7.06 ms Changes: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: File /etc/bashrc is in correct state Started: 16:49:26.284179 Duration: 7.85 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Sysctl value vm.swappiness = 0 is already set Started: 16:49:26.295710 Duration: 79.619 ms Changes: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set Started: 16:49:26.375669 Duration: 73.283 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Sysctl value fs.file-max = 10000 is already set Started: 16:49:26.449247 Duration: 59.719 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: Package gcc is already installed. Started: 16:49:26.980957 Duration: 635.706 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: Package glibc is already installed. Started: 16:49:27.616998 Duration: 0.935 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: Package openssl is already installed. Started: 16:49:27.618036 Duration: 0.41 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: Package openssl-devel is already installed. Started: 16:49:27.618537 Duration: 0.374 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: Package autoconf is already installed. 
Started: 16:49:27.618996 Duration: 0.452 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: Package gcc-c++ is already installed. Started: 16:49:27.619570 Duration: 0.469 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: Package make is already installed. Started: 16:49:27.620128 Duration: 0.574 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.6.2.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state Started: 16:49:27.620893 Duration: 12.929 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless execution succeeded Started: 16:49:27.636697 Duration: 7.011 ms Changes: ---------- ID: haproxy-init Function: file.managed Name: /etc/init.d/haproxy Result: True Comment: File /etc/init.d/haproxy is in the correct state Started: 16:49:27.644413 Duration: 4.295 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless execution succeeded Started: 16:49:27.649913 Duration: 25.646 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 16:49:27.676179 Duration: 38.169 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: Directory /etc/haproxy is in the correct state Started: 16:49:27.714791 Duration: 1.948 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: File /etc/haproxy/haproxy.cfg updated Started: 16:49:27.716952 Duration: 171.687 ms Changes: ---------- diff: --- +++ 
@@ -17,7 +17,7 @@ listen stats mode http -bind 0.0.0.0:80 +bind 0.0.0.0:8888 stats enable stats uri /haproxy-status stats auth /haproxy:saltstack ---------- ID: haproxy-service Function: service.running Name: haproxy Result: True Comment: Service reloaded Started: 16:49:27.940010 Duration: 85.912 ms Changes: ---------- haproxy: True Summary ------------- Succeeded: 21 (changed=2) Failed: 0 ------------- Total states run: 21 192.168.240.131: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf is in the correct state Started: 16:49:26.273403 Duration: 34.759 ms Changes: ---------- ID: /etc/profile Function: file.append Result: True Comment: File /etc/profile is in correct state Started: 16:49:26.308289 Duration: 3.857 ms Changes: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: File /etc/bashrc is in correct state Started: 16:49:26.312369 Duration: 6.498 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Sysctl value vm.swappiness = 0 is already set Started: 16:49:26.320161 Duration: 93.782 ms Changes: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set Started: 16:49:26.414267 Duration: 80.238 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Sysctl value fs.file-max = 10000 is already set Started: 16:49:26.494800 Duration: 65.963 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: Package gcc is already installed. Started: 16:49:27.058506 Duration: 619.304 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: Package glibc is already installed. Started: 16:49:27.678108 Duration: 0.912 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: Package openssl is already installed. 
Started: 16:49:27.679150 Duration: 0.509 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: Package openssl-devel is already installed. Started: 16:49:27.679800 Duration: 0.368 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: Package autoconf is already installed. Started: 16:49:27.680273 Duration: 0.366 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: Package gcc-c++ is already installed. Started: 16:49:27.680725 Duration: 0.585 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: Package make is already installed. Started: 16:49:27.681453 Duration: 0.556 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.6.2.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state Started: 16:49:27.682149 Duration: 13.432 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless execution succeeded Started: 16:49:27.697904 Duration: 9.342 ms Changes: ---------- ID: haproxy-init Function: file.managed Name: /etc/init.d/haproxy Result: True Comment: File /etc/init.d/haproxy is in the correct state Started: 16:49:27.708171 Duration: 5.761 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless execution succeeded Started: 16:49:27.715023 Duration: 21.617 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 16:49:27.737044 Duration: 43.922 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: 
Directory /etc/haproxy is in the correct state Started: 16:49:27.781328 Duration: 1.387 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: File /etc/haproxy/haproxy.cfg updated Started: 16:49:27.782889 Duration: 189.272 ms Changes: ---------- diff: --- +++ @@ -17,7 +17,7 @@ listen stats mode http -bind 0.0.0.0:80 +bind 0.0.0.0:8888 stats enable stats uri /haproxy-status stats auth /haproxy:saltstack ---------- ID: haproxy-service Function: service.running Name: haproxy Result: True Comment: Service reloaded Started: 16:49:28.044191 Duration: 80.338 ms Changes: ---------- haproxy: True Summary ------------- Succeeded: 21 (changed=2) Failed: 0 ------------- Total states run: 21
业务模块
# NOTE(review): plain-HTTP download with no checksum or signature check shown.
# The archive is later compiled and installed as root on every targeted minion,
# so compare it against a digest obtained over a trusted channel before copying
# it to the Salt fileserver.
[root@localhost src]# wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz
./configure --prefix=/usr/local/keepalived --disable-fwmark
[root@localhost etc]# pwd /usr/local/src/keepalived-1.2.19/keepalived/etc [root@localhost etc]# mkdir /srv/salt/prod/keepalived [root@localhost etc]# mkdir /srv/salt/prod/keepalived/files [root@localhost etc]# cp init.d/keepalived.init /srv/salt/prod/keepalived/files/ [root@localhost etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
# Start keepalived from the source-install prefix and record the SysV lock file.
# Globals:  prog, KEEPALIVED_OPTIONS (read); RETVAL (written)
# Returns:  non-zero when the daemon helper fails, otherwise the status of touch
start() {
    echo -n $"Starting $prog: "
    # KEEPALIVED_OPTIONS is left unquoted so it splits into separate flags.
    daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
    RETVAL=$?
    echo
    # Only a successful start gets a lock file.
    [ $RETVAL -eq 0 ] || return 1
    touch /var/lock/subsys/$prog
}
[root@localhost sysconfig]# pwd /usr/local/keepalived/etc/sysconfig [root@localhost sysconfig]# cp keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig
[root@localhost keepalived]# pwd
/srv/salt/prod/keepalived
[root@localhost keepalived]# cat install.sls
# First version of the keepalived module: ship the tarball and build it.
include:
  - pkg.pkg-init

keepalived-install:
  # NOTE(review): an archive does not need the execute bit; mode 644 would do.
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    - mode: 755
  # Runs as root; skipped whenever /usr/local/keepalived already exists, so a
  # partially completed install is not retried.
  cmd.run:
    - name: cd /usr/local/src/ && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install
[root@localhost keepalived]# vim install.sls
[root@localhost keepalived]# ls
files  install.sls
[root@localhost keepalived]# cd files/
[root@localhost files]# ls
keepalived.conf  keepalived.init  keepalived.sysconfig
# The tarball copied here is the one downloaded earlier with wget; no integrity
# check of it is shown before it becomes the source for all minions.
[root@localhost files]# cp /usr/local/src/keepalived-1.2.19.tar.gz .
[root@localhost files]# ls
keepalived-1.2.19.tar.gz  keepalived.conf  keepalived.init  keepalived.sysconfig
[root@localhost files]# cd ..
[root@localhost keepalived]# ls
files  install.sls
[root@localhost keepalived]# pwd
/srv/salt/prod/keepalived
[root@localhost keepalived]# cat install.sls
# Complete keepalived module: build from source, install the init script,
# the sysconfig file and the configuration directory.
include:
  - pkg.pkg-init

keepalived-install:
  # NOTE(review): an archive does not need the execute bit; mode 644 would do.
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    - mode: 755
  # Runs as root; skipped whenever /usr/local/keepalived already exists.
  cmd.run:
    - name: cd /usr/local/src/ && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install

keepalived-init:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  # Registers the service with chkconfig unless it is already listed.
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: keepalived-init

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755
[root@localhost keepalived]# salt '*' state.sls keepalived.install env=prod
SaltStack配置管理-业务引用keepalived
[root@localhost files]# pwd
/srv/salt/prod/cluster/files
[root@localhost files]# cat haproxy-outside-keepalived.conf
! Configuration File for keepalived
! ROUTEID, STATEID and PRIORITYID are Jinja placeholders filled in per minion
! by the Salt state that manages this file.
global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ROUTEID}}
}

vrrp_instance haproxy_ha {
    state {{STATEID}}
    interface eth0
    virtual_router_id 36
    priority {{PRIORITYID}}
    advert_int 1
    ! NOTE(review): auth_type PASS sends the password in cleartext in VRRP
    ! advertisements, and "1111" is a sample value. Treat it as a mis-pairing
    ! guard rather than real authentication, and restrict VRRP traffic to the
    ! peer addresses at the network layer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    ! NOTE(review): 192.168.240.131 is also used on this page as a minion
    ! address (top.sls target and backend web-node2). A VIP is normally an
    ! otherwise unused address - confirm.
    virtual_ipaddress {
        192.168.240.131
    }
}
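[root@localhost cluster]# pwd
/srv/salt/prod/cluster
[root@localhost cluster]# cat haproxy-outside-keepalived.sls
# Business-level state: reuse the keepalived install module, render this
# cluster's keepalived.conf per minion and keep the service running.
include:
  - keepalived.install

keepalived-service:
  # The option is "template" (singular). With "templates" the file is copied
  # without rendering, so the ROUTEID/STATEID/PRIORITYID placeholders would
  # reach /etc/keepalived/keepalived.conf as literal text.
  # NOTE(review): the file holds the VRRP auth_pass; mode 644 leaves it readable
  # by any local user.
  # NOTE(review): the branches compare the fqdn grain with what look like minion
  # IDs (IP addresses). If fqdn holds a hostname neither branch matches and the
  # template receives no values - check with "salt '*' grains.item fqdn", or
  # compare grains['id'] instead.
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    {% if grains['fqdn'] == '192.168.240.130' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == '192.168.240.131' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  # Restart keepalived whenever the rendered configuration changes.
  service.running:
    - name: keepalived
    - enable: True
    - watch:
      - file: keepalived-service
[root@localhost cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prod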
[root@localhost base]# pwd
/srv/salt/base
[root@localhost base]# cat top.sls
# base applies to every minion; prod gives both proxy minions the haproxy and
# the keepalived cluster states.
base:
  '*':
    - init.env_init
prod:
  '192.168.240.130':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
  '192.168.240.131':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
# NOTE(review): this applies directly; a test=True run first shows the pending
# changes without making them.
[root@localhost base]# salt '*' state.highstate
saltstack增加zabbix
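[root@localhost init]# pwd
/srv/salt/base/init
[root@localhost init]# cat zabbix_agent.sls
# Installs the Zabbix agent, renders its configuration from pillar and keeps
# the service running.
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  # "Server" is passed to the template from pillar; in the agent configuration
  # it names the Zabbix server the agent accepts requests from, so the pillar
  # value is access control, not just an address.
  # NOTE(review): the target is /etc/zabbix_agentd.conf while the source file on
  # this page is copied from /etc/zabbix/zabbix_agentd.conf - confirm which path
  # the packaged agent actually reads.
  # The requisite must be written "- require:" (with a space); "-require:" is
  # not a list item, so the YAML does not parse as intended.
  file.managed:
    - name: /etc/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
    - require:
      - pkg: zabbix-agent-install
  # Restart the agent when the package or its configuration changes.
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install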
[root@localhost base]# pwd
/srv/pillar/base
[root@localhost base]# cat top.sls
# Pillar top file: every minion receives the "zabbix" pillar. The pillar file
# itself is not shown on this page.
base:
  '*':
    - zabbix
[root@localhost files]# pwd
/srv/salt/base/init/files
cp /etc/zabbix/zabbix_agentd.conf .
修改:Server={{ Server }}
[root@localhost init]# cat env_init.sls
# The agent state joins the baseline applied to every minion.
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.zabbix_agent
[root@localhost init]# salt '*' state.highstate
源码: https://github.com/unixhot/saltbook-code