SaltStack daily usage (Part 2)

2017-10-19  Medivh_

More at: http://www.mknight.cn/
Note that the commands to run differ between system versions 6 and 7; for example, salt '*' service.restart salt-minion is only supported on 6.

Common commands

View the IP address
salt '*' network.interface_ip eth0

Managing keys

Copying keys

Symlink authorized_keys into salt://files/keys/

keys:
  file.managed:
    - name: /root/.ssh/authorized_keys
    - source: salt://files/keys/authorized_keys
    - mode: 600
    - user: root
    - backup: minion

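backup: minion keeps a backup of the file on the minion, named by timestamp, under /var/cache/salt/minion/file_backup. The directory is created if it does not exist.

Use file.list_backups to inspect the backups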

 salt '*' file.list_backups /root/.ssh/authorized_keys
 [root@test keys]# salt '*' file.list_backups /root/.ssh/authorized_keys
xx-1:
    ----------
    0:
        ----------
        Backup Time:
            Wed Aug 30 2017 15:34:51.097279
        Location:
            /var/cache/salt/minion/file_backup/root/.ssh/authorized_keys_Wed_Aug_30_15:34:51_097279_2017
        Size:
            1479
xx-2:
    ----------
    0:
        ----------
        Backup Time:
            Wed Aug 30 2017 15:34:50.605990
        Location:
            /var/cache/salt/minion/file_backup/root/.ssh/authorized_keys_Wed_Aug_30_15:34:50_605990_2017
        Size:
            1479
    1:
        ----------
        Backup Time:
            Wed Aug 30 2017 15:10:25.541514
        Location:
            /var/cache/salt/minion/file_backup/root/.ssh/authorized_keys_Wed_Aug_30_15:10:25_541514_2017
        Size:
            1219

If a backup is no longer needed, delete it by passing its index number:

# salt foo.bar.com file.delete_backup /tmp/foo.txt 0

salt '*' state.sls services.keys.keys

Managing another user's key

user_add:
  user.present:
    - name: devlog
    - shell: /bin/bash
    - home: /home/devlog
    - system: True
    - groups:
      - wheel
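user_ssh:
  file.directory:
    - name: /home/devlog/.ssh/
    - user: devlog    # owned by the account rather than root
    - mode: 700       # keep ~/.ssh private to the account
    - require:
      - user: user_add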
user_keys:
  file.managed:
    - name: /home/devlog/.ssh/authorized_keys
    - source: salt://files/keys/devlog_authorized_keys
    - mode: 600
    - user: devlog
    - require:
      - file: user_ssh
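
Both key states above overwrite authorized_keys on every targeted minion from a single file on the master, so one bad line in that file reaches every host. As an added example (not from the original article), this Python check audits the source file before state.sls is run and returns ssh-keygen-style SHA256 fingerprints for review; the allowed key types, the 2048-bit RSA minimum and all function names are assumptions, and constructed_key only builds dummy sample entries.

```python
import base64
import hashlib
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa"}  # assumption: site policy, not from the article
MIN_RSA_BITS = 2048                          # assumption: site policy

def _fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack_from(">I", blob, pos)
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    if pos != len(blob):
        raise ValueError("truncated key blob")
    return out

def audit_authorized_keys(text):
    """Return (SHA256 fingerprints, problems) for the text of an authorized_keys file."""
    fingerprints, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        try:
            # Options such as from="..." may precede the key type, so search for it.
            idx = next(i for i, p in enumerate(parts[:-1]) if p.startswith(("ssh-", "ecdsa-")))
            blob = base64.b64decode(parts[idx + 1], validate=True)
            fields = _fields(blob)
        except (StopIteration, ValueError, struct.error):
            problems.append(f"line {lineno}: not a well-formed public key entry")
            continue
        if not fields or fields[0] != parts[idx].encode():
            problems.append(f"line {lineno}: declared type does not match key data")
        elif parts[idx] not in ALLOWED_TYPES:
            problems.append(f"line {lineno}: key type {parts[idx]} is not allowed")
        elif parts[idx] == "ssh-rsa" and (
                len(fields) < 3 or int.from_bytes(fields[2], "big").bit_length() < MIN_RSA_BITS):
            problems.append(f"line {lineno}: RSA modulus shorter than {MIN_RSA_BITS} bits")
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        if fp in fingerprints:
            problems.append(f"line {lineno}: duplicate key {fp}")
        fingerprints.append(fp)
    return fingerprints, problems

def constructed_key(key_type, *fields):
    """Build an authorized_keys line from dummy bytes (constructed sample data, not a real key)."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"
```

Call audit_authorized_keys on the text of the file that backs salt://files/keys/authorized_keys and hold the deployment if it returns any problems.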

Installing services

Installing with yum

salt 'docker' state.sls services.redis.redis

redis-install:
  pkg:
    - name: redis
    - installed
redis-data:
  file.directory:
    - name: /opt/redis/data6380
    - makedirs: True
redis-config-dir:
  file.directory:
    - name: /etc/redis
    - makedirs: True
redis-config:
  file.managed:
    - name: /etc/redis/6380.conf
    - source: salt://services/redis/files/6380.conf
redis-service:
  cmd.run:
    - name:  /usr/bin/redis-server /etc/redis/6380.conf

Note:

Installing from a tarball

redis_source:
  file.managed:
    - name: /usr/src/redis.2.8.tar.gz
    - unless: test -f /usr/src/redis.2.8.tar.gz
    - source: salt://services/redis/files/redis.2.8.tar.gz
redis_tar:
  cmd.run:
    - cwd: /usr/src
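    - name: mkdir -p /usr/local/redis && tar zxvf redis.2.8.tar.gz -C /usr/local/
    # Skip only when Redis is already unpacked; testing for the tarball would always skip,
    # because redis_source places it there before this state runs.
    - unless: test -x /usr/local/redis/bin/redis-server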
    - require:
      - file: redis_source
redis_data:
  file.directory:
    - name: /opt/redis/data6380
    - unless: test -d /opt/redis/data6380
    - makedirs: True
redis_config_dir:
  file.directory:
    - name: /etc/redis
    - unless: test -d /etc/redis
    - makedirs: True
redis_config:
  file.managed:
    - name: /etc/redis/6380.conf
    - source: salt://services/redis/files/6380.conf
redis_service:
  cmd.run:
    - name:  /usr/local/redis/bin/redis-server /etc/redis/6380.conf
    - require:
      - file: redis_data
      - file: redis_config

Note:

Templates

Configuring pillar

/srv/pillar
top.sls

base:
 '*':
  - redis

redis.sls

redis:
  HOST: {{ grains['fqdn_ip4'][1] }}
  PORT: 6380

Configuration file

daemonize yes
pidfile /var/run/redis/redis{{ PORT }}.pid
port {{ PORT  }}
bind {{ HOST  }}
dir                         /opt/redis/data{{ PORT }}
timeout 0
requirepass                 'XXXXXXXXX'

sls

redis_source:
  file.managed:
    - name: /usr/src/redis.2.8.tar.gz
    - unless: test -f /usr/src/redis.2.8.tar.gz
    - source: salt://services/redis/files/redis.2.8.tar.gz
redis_tar:
  cmd.run:
    - cwd: /usr/src
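    - name: mkdir -p /usr/local/redis && tar zxvf redis.2.8.tar.gz -C /usr/local/
    # Skip only when Redis is already unpacked; testing for the tarball would always skip,
    # because redis_source places it there before this state runs.
    - unless: test -x /usr/local/redis/bin/redis-server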
    - require:
      - file: redis_source
redis_data:
  file.directory:
    - name: /opt/redis/data{{ pillar['redis']['PORT'] }}
    - unless: test -d /opt/redis/data{{pillar['redis']['PORT']}}
    - makedirs: True
redis_config_dir:
  file.directory:
    - name: /etc/redis
    - unless: test -d /etc/redis
    - makedirs: True
redis_config:
  file.managed:
    - name: /etc/redis/{{pillar['redis']['PORT']}}.conf
    - source: salt://services/redis/files/redis.conf
    - template: jinja # render the config file with Jinja so the variables are substituted
    - PORT: {{ pillar['redis']['PORT'] }}
    - HOST: {{ pillar['redis']['HOST'] }}
redis_service:
  cmd.run:
    - name:  /usr/local/redis/bin/redis-server /etc/redis/{{ pillar['redis']['PORT'] }}.conf
    - require:
      - file: redis_data
      - file: redis_config
