桌面应用安全如何保障?
880
2022-09-21
自动化运维之saltstack(二)states介绍及使用
自动化运维之saltstack(二)states介绍及使用
一、什么是Salt States?
Salt States是Salt模块的扩展,主系统使用的状态系统叫SLS系统,SLS代表Saltstack State,Salt是一些状态文件,其中包含有关如何配置Salt子节点的信息,这些状态被存放在一个目录下,可以用很多不同的格式来书写,我们可以把这些Salt States当做是对minion的管理脚本的配置模式,通过配置SLS文件,指定目标minions,可以实现在master上对minions的运行状态进行管理。
二、Salt State树
跟系统文件一样,salt state文件也有自己的树系统,这通过配置文件中的file_roots配置,默认配置如下:
#在/etc/salt/master中配置下面选项,指定salt state的根目录在/srv/salt
[root@server01 salt]# grep -A3 file_roots: /etc/salt/master # file_roots: # base: # - /srv/salt/ # dev: -- file_roots: base: - /srv/salt [root@server01 salt]#
修改master配置文件后要重启,使得配置文件生效
[root@server01 salt]# systemctl restart salt-master.service
Salt State的top文件
top.sls文件是SaltState的默认sls文件,再未作特别指定的时候,salt会默认调用top.sls来执行。例如
salt '*' state.highstate
top.sls文件需要手动创建,位置则是在Salt State树定义的目录/srv/salt下:
创建一个top.sls文件
[root@server01 salt]# vim top.sls # 添加内容如下,注意sls文件是用两个空格来作为缩进 # base 匹配状态数的base目录,即/srv/salt # '*' 表示匹配所有的minions,即所有认证通过的客户端 # - webserver:表示执行base目录下webserver.sls状态文件或是webserver/init.sls文件 base: '*': - webserver
例如:创建一个Salt State文件
上面的top.sls文件中定义了一个webserver文件,下面来添加一个webserver文件
在文件/srv/salt/webserver.sls文件中添加如下内容
[root@server01 salt]# vim webserver.sls httpd: pkg: - installed [root@server01 salt]#
执行我们定义的Salt State文件,更新所有的minion的状态
[root@server01 salt]# salt '*' state.highstate server02: ---------- ID: httpd Function: pkg.installed Result: True Comment: Package httpd is already installed. Started: 02:56:15.414698 Duration: 1114.898 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 server03: ---------- ID: httpd Function: pkg.installed Result: True Comment: Package httpd is already installed. Started: 02:56:15.448065 Duration: 1129.985 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 [root@server01 salt]#
说明:根据上面top.sls以及webserver.sls的内容,所有的minion都会安装Apache服务,如果在top.sls中修改minion的匹配,则仅会匹配到的minion进行操作。当然也可以特别指定sls文件来执行,这里用sls文件为state.sls
[root@server01 salt]# salt 'server02' state.sls webserver server02: ---------- ID: httpd Function: pkg.installed Result: True Comment: Package httpd is already installed. Started: 02:58:59.038307 Duration: 885.997 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 [root@server01 salt]#
#开启debug日志(minion端执行)
[root@server02 ~]# salt-minion -l debug#设置默认超时(服务端执行)
[root@server01 salt]# salt '*' state.highstate -t 60
[root@server01 salt]# salt '*' state.highstate -t 60 server03: ---------- ID: httpd Function: pkg.installed Result: True Comment: Package httpd is already installed. Started: 03:03:24.248749 Duration: 900.103 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 server02: ---------- ID: httpd Function: pkg.installed Result: True Comment: Package httpd is already installed. Started: 03:03:30.229662 Duration: 966.72 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 [root@server01 salt]#
三、实战操作
经过上面的简单介绍,下面来演示一下文件分发和软件安装
1、分发/etc/hosts文件
1)准备sls文件
[root@server01 salt]# pwd /srv/salt [root@server01 salt]# cat hosts.sls /etc/hosts: file.managed: - source: salt://testfiles/hosts - user: root - group: root - mode: 644 [root@server01 salt]# [root@server01 salt]# cat top.sls base: '*': - webserver - hosts [root@server01 salt]# [root@server01 salt]# mkdir testfiles [root@server01 salt]# cp /etc/hosts testfiles/ [root@server01 salt]# ll total 12 -rw-r--r-- 1 root root 120 Jun 12 21:21 hosts.sls drwxr-xr-x 2 root root 19 Jun 13 03:08 testfiles -rw-r--r-- 1 root root 41 Jun 13 03:07 top.sls -rw-r--r-- 1 root root 30 Jun 13 02:56 webserver.sls [root@server01 salt]# tree . ├── hosts.sls ├── testfiles │ └── hosts ├── top.sls └── webserver.sls 1 directory, 4 files [root@server01 salt]#
a、使用state.highstate调用
注意:使用state.highstate调用的前提是存在top.sls文件,因此需要提前写好top.sls文件。
[root@server01 salt]# salt '*' state.highstate server03: ---------- ID: httpd Function: pkg.installed Result: True Comment: Package httpd is already installed. Started: 03:11:08.018494 Duration: 937.237 ms Changes: ---------- ID: /etc/hosts Function: file.managed Result: True Comment: File /etc/hosts is in the correct state Started: 03:11:08.984360 Duration: 5.308 ms Changes: Summary ------------ Succeeded: 2 Failed: 0 ------------ Total states run: 2 server02: ---------- ID: httpd Function: pkg.installed Result: True Comment: Package httpd is already installed. Started: 03:11:14.019185 Duration: 905.721 ms Changes: ---------- ID: /etc/hosts Function: file.managed Result: True Comment: File /etc/hosts is in the correct state Started: 03:11:14.927716 Duration: 4.522 ms Changes: Summary ------------ Succeeded: 2 Failed: 0 ------------ Total states run: 2 [root@server01 salt]#
b、使用state.sls调用
[root@server01 salt]# salt '*' state.sls hosts server03: ---------- ID: /etc/hosts Function: file.managed Result: True Comment: File /etc/hosts is in the correct state Started: 03:12:05.888857 Duration: 17.182 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 server02: ---------- ID: /etc/hosts Function: file.managed Result: True Comment: File /etc/hosts is in the correct state Started: 03:12:05.903366 Duration: 16.217 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 [root@server01 salt]#
2、安装软件包
1)准备sls文件
[root@server01 salt]# vim package.sls pkg-install: pkg.installed: - names: - gcc - lrzsz - tree - dos2unix [root@server01 salt]# [root@server01 salt]# vim top.sls base: 'server02': - package [root@server01 salt]#
a、使用state.highstate调用
[root@server01 salt]# salt 'server02' state.highstate server02: ---------- ID: pkg-install Function: pkg.installed Name: gcc Result: True Comment: Package gcc is already installed. Started: 03:16:42.645005 Duration: 888.648 ms Changes: ---------- ID: pkg-install Function: pkg.installed Name: tree Result: True Comment: Package tree is already installed. Started: 03:16:43.533802 Duration: 0.405 ms Changes: ---------- ID: pkg-install Function: pkg.installed Name: dos2unix Result: True Comment: The following packages were installed/updated: dos2unix Started: 03:16:43.534278 Duration: 188849.681 ms Changes: ---------- dos2unix: ---------- new: 6.0.3-4.el7 old: ---------- ID: pkg-install Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 03:19:52.435148 Duration: 0.436 ms Changes: Summary ------------ Succeeded: 4 (changed=1) Failed: 0 ------------ Total states run: 4 [root@server01 salt]#
b、使用state.sls调用
[root@server01 salt]# salt 'server02' state.sls package server02: ---------- ID: pkg-install Function: pkg.installed Name: gcc Result: True Comment: Package gcc is already installed. Started: 03:23:31.945630 Duration: 849.86 ms Changes: ---------- ID: pkg-install Function: pkg.installed Name: tree Result: True Comment: Package tree is already installed. Started: 03:23:32.795666 Duration: 0.58 ms Changes: ---------- ID: pkg-install Function: pkg.installed Name: dos2unix Result: True Comment: Package dos2unix is already installed. Started: 03:23:32.796341 Duration: 0.328 ms Changes: ---------- ID: pkg-install Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 03:23:32.796745 Duration: 0.359 ms Changes: Summary ------------ Succeeded: 4 Failed: 0 ------------ Total states run: 4 [root@server01 salt]#
其他日常使用方法
3、管理定时任务
1)准备sls文件(添加定时任务)
[root@server01 salt]# vim cron.sls /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1: cron.present: - identifier: SUPERCRON - user: root - minute: '0' [root@server01 salt]#
2)使用state.sls调用
[root@server01 salt]# salt 'server02' state.sls cron server02: ---------- ID: /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1 Function: cron.present Result: True Comment: Cron /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1 already present Started: 03:41:04.035604 Duration: 10.506 ms Changes: Summary ------------ Succeeded: 1 Failed: 0 ------------ Total states run: 1 [root@server01 salt]#
#检查执行结果
[root@server01 salt]# salt 'server02' cron.raw_cron root server02: # Lines below here are managed by Salt, do not edit # SALT_CRON_IDENTIFIER:SUPERCRON 0 * * * * /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1 [root@server01 salt]#
3)准备sls文件(删除定时任务)
[root@server01 salt]# vim cron.sls /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1: cron.absent: - identifier: SUPERCRON - user: root - minute: '0' [root@server01 salt]# cat top.sls base: 'server02': - cron [root@server01 salt]#
4)使用state.highstate调用
[root@server01 salt]# salt 'server02' state.highstate server02: ---------- ID: /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1 Function: cron.absent Result: True Comment: Cron /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1 removed from root's crontab Started: 03:45:13.267202 Duration: 26.493 ms Changes: ---------- root: /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1 Summary ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 [root@server01 salt]#
#检查执行结果
[root@server01 salt]# salt 'server02' cron.raw_cron root server02: # Lines below here are managed by Salt, do not edit [root@server01 salt]#
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
相关文章
发表评论
最近发表
推荐文章
热评文章
暂时没有评论,来抢沙发吧~