SaltStack state file configuration:
Edit /etc/salt/master and change the setting for the state file directory:
Note: pay attention to the syntax: flush left / colon / two spaces
- state_top: top.sls
- # The state system uses a "top" file to tell the minions what environment to
- # use and what modules to use. The state_top file is defined relative to the
- # root of the base environment as defined in "File Server settings" below.
- #state_top: top.sls
- [root@master ~]# mkdir -p /etc/salt/states
- [root@master ~]# vim /etc/salt/states/top.sls
- [root@master ~]# sed -i '329s/#//' /etc/salt/master
- state_top: top.sls
- Note: this uncomments line 329
Enter the base environment and configure top.sls
- [root@master ~]# cd /etc/salt/states/
- [root@master states]# mkdir -p init
- [root@master states]# mkdir -p prod
- [root@master states]# vim top.sls
- [root@master states]# cat top.sls
- base:
-   'node01.saltstack.com':
-     - init.pkg
Note: base is the name being specified, init is the directory name, and pkg refers to pkg.sls
- [root@master states]# ll
- 总用量 12
- drwxr-xr-x 2 root root 4096 2月 15 14:16 init
- drwxr-xr-x 2 root root 4096 2月 15 14:16 prod
- -rw-r--r-- 1 root root 46 2月 15 14:17 top.sls
- [root@master states]# cd init/
- [root@master init]# vim pkg.sls
- [root@master init]# cat pkg.sls
- pkg.init:
-   pkg.installed:
-     - names:
-       - lrzsz
-       - mtr
-       - nmap
Case 1: Initializing system modules with Salt:
- [root@master init]# salt '*' state.sls init.pkg
- node01.saltstack.com:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: mtr
- Result: True
- Comment: Package mtr is already installed.
- Started: 14:56:02.574416
- Duration: 11389.014 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: nmap
- Result: True
- Comment: Package nmap is already installed.
- Started: 14:56:13.963968
- Duration: 3.619 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: lrzsz
- Result: True
- Comment: Package lrzsz is already installed.
- Started: 14:56:13.967979
- Duration: 1.042 ms
- Changes:
- Summary
- ------------
- Succeeded: 3
- Failed: 0
- ------------
- Total states run: 3
Case 2: Modifying kernel parameters with SaltStack:
- [root@master ~]# cd /etc/salt/states/init/
- [root@master init]# tree
- .
- └── pkg.sls
- 0 directories, 1 file
- [root@master init]# mkdir -p files
- [root@master init]# cd files/
- [root@master init]# vim limit.sls
- limit-conf-config:
-   file.managed:
-     - name: /etc/security/limits.conf
-     - source: salt://init/files/limits.conf
-     - user: root
-     - group: root
-     - mode: 644
- [root@master files]# cd /etc/security/
- [root@master security]# ls
- access.conf console.perms limits.d opasswd time.conf
- chroot.conf console.perms.d namespace.conf pam_env.conf
- console.apps group.conf namespace.d pam_winbind.conf
- console.handlers limits.conf namespace.init sepermit.conf
- [root@master security]# cp limits.conf /etc/salt/states/init/files/
- [root@master files]# vim limits.conf
- * soft core 0
- * hard rss 10000
- [root@master states]# pwd
- /etc/salt/states
- Note: the new module must be added to top.sls, otherwise other errors will be reported
- [root@master states]# cat top.sls
- base:
-   '*':
-     - init.pkg
-     - init.limit
- [root@master init]# salt '*' state.highstate
- node01.saltstack.com:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: mtr
- Result: True
- Comment: Package mtr is already installed.
- Started: 17:42:55.479576
- Duration: 7120.831 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: nmap
- Result: True
- Comment: Package nmap is already installed.
- Started: 17:43:02.601307
- Duration: 2.278 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: lrzsz
- Result: True
- Comment: Package lrzsz is already installed.
- Started: 17:43:02.603841
- Duration: 0.952 ms
- Changes:
- ----------
- ID: limit-conf-config
- Function: file.managed
- Name: /etc/security/limits.conf
- Result: True
- Comment: File /etc/security/limits.conf updated
- Started: 17:43:02.612678
- Duration: 19.256 ms
- Changes:
- ----------
- diff:
- ---
- +++
- @@ -39,8 +39,8 @@
- #<domain> <type> <item> <value>
- #
- -#* soft core 0
- -#* hard rss 10000
- +* soft core 0
- +* hard rss 10000
- #@student hard nproc 20
- #@faculty soft nproc 20
- #@faculty hard nproc 50
- Summary
- ------------
- Succeeded: 4 (changed=1)
- Failed: 0
- ------------
- Total states run: 4
- Client-side test:
- [root@node01 security]# egrep -v '#|^$' limits.conf
- * soft core 0
- * hard rss 10000
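Case 3: Syncing a scheduled task (cron job)
- I recently found that many servers have no NTP server configured, so I wrote a simple cron job and distributed it through a state file
- Approach:
- a) Prepare the file to be distributed
- b) Write the sls file
- c) Edit top.sls and add the new entry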
- [root@master ~]# cat /var/spool/cron/root
- */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1
- [root@master ~]# cd /etc/salt/states/
- [root@master states]# ls
- init prod top.sls
- [root@master states]# cd init/
- [root@master init]# ls
- files limit.sls pkg.sls
- [root@master init]# cp limit.sls ntp-crontab.sls
- [root@master init]# ls
- files limit.sls ntp-crontab.sls pkg.sls
- [root@master init]# cd files/
- [root@master files]# cp /var/spool/cron/root .
- [root@master files]# pwd
- /etc/salt/states/init/files
- [root@master files]# cat root
- */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1
- [root@master files]# mv root ntp-crontab.conf
- [root@master files]# cat ntp-crontab.conf
- */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1
- [root@master files]# cd ..
- [root@master init]# ls
- files limit.sls ntp-crontab.sls pkg.sls
- [root@master ~]# cat /etc/salt/states/init/ntp-crontab.sls
- ntp-crontab-config:
-   file.managed:
-     - name: /var/spool/cron/root
-     - source: salt://init/files/ntp-crontab.conf
-     - user: root
-     - group: root
-     - mode: 644
- Result of applying the scheduled-task update:
- [root@master init]# salt '*' state.highstate
- node01.saltstack.com:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: mtr
- Result: True
- Comment: Package mtr is already installed.
- Started: 21:09:06.608808
- Duration: 4265.514 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: nmap
- Result: True
- Comment: Package nmap is already installed.
- Started: 21:09:10.874647
- Duration: 0.685 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: lrzsz
- Result: True
- Comment: Package lrzsz is already installed.
- Started: 21:09:10.875446
- Duration: 0.583 ms
- Changes:
- ----------
- ID: limit-conf-config
- Function: file.managed
- Name: /etc/security/limits.conf
- Result: True
- Comment: File /etc/security/limits.conf is in the correct state
- Started: 21:09:10.879350
- Duration: 4.1 ms
- Changes:
- ----------
- ID: ntp-crontab-config
- Function: file.managed
- Name: /var/spool/cron/root
- Result: True
- Comment: File /var/spool/cron/root updated
- Started: 21:09:10.883639
- Duration: 9.342 ms
- Changes:
- ----------
- diff:
- New file
- mode:
- 0644
- Summary
- ------------
- Succeeded: 5 (changed=1)
- Failed: 0
- ------------
- Total states run: 5
- node02.saltstack.com:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: mtr
- Result: True
- Comment: Package mtr is already installed.
- Started: 21:09:07.831431
- Duration: 4292.2 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: nmap
- Result: True
- Comment: Package nmap is already installed.
- Started: 21:09:12.123977
- Duration: 0.714 ms
- Changes:
- ----------
- ID: pkg.init
- Function: pkg.installed
- Name: lrzsz
- Result: True
- Comment: Package lrzsz is already installed.
- Started: 21:09:12.124798
- Duration: 0.426 ms
- Changes:
- ----------
- ID: limit-conf-config
- Function: file.managed
- Name: /etc/security/limits.conf
- Result: True
- Comment: File /etc/security/limits.conf is in the correct state
- Started: 21:09:12.128235
- Duration: 5.165 ms
- Changes:
- ----------
- ID: ntp-crontab-config
- Function: file.managed
- Name: /var/spool/cron/root
- Result: True
- Comment: File /var/spool/cron/root updated
- Started: 21:09:12.133621
- Duration: 8.761 ms
- Changes:
- ----------
- diff:
- New file
- mode:
- 0644
- Summary
- ------------
- Succeeded: 5 (changed=1)
- Failed: 0
- ------------
- Total states run: 5
- Check the result:
- [root@node01 spool]# cd /var/spool/cron/
- [root@node01 cron]# ls
- root
- [root@node01 cron]# cat root
- */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1
- [root@node02 ~]# cat /var/spool/cron/root
- */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1
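- Comparing them shows that they match the file distributed from the master
Case 4: Syncing the internal-network hosts file (for intranets where no dedicated DNS has been set up)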
- [root@master ~]# cd /etc/salt/states/init/
- [root@master init]# ll
- 总用量 16
- drwxr-xr-x 2 root root 4096 2月 18 21:01 files
- -rw-r--r-- 1 root root 168 2月 18 17:42 limit.sls
- -rw-r--r-- 1 root root 169 2月 18 21:08 ntp-crontab.sls
- -rw-r--r-- 1 root root 79 2月 15 14:55 pkg.sls
- [root@master init]# cd files/
- [root@master files]# vim hosts.conf
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 10.10.10.140 master master.saltstack.com
- 10.10.10.141 node01 node01.saltstack.com
- 10.10.10.142 node02 node02.saltstack.com
- 10.10.10.143 node03 node03.saltstack.com
- [root@master init]# cat hosts.sls
- hosts-config:
-   file.managed:
-     - name: /etc/hosts
-     - source: salt://init/files/hosts.conf
-     - user: root
-     - group: root
-     - mode: 644
- Note: the file is distributed to /etc/hosts; source file
- [root@master states]# cat /etc/salt/states/top.sls
- base:
-   '*':
-     - init.pkg
-     - init.limit
-     - init.ntp-crontab
-     - init.hosts
- [root@master states]# salt '*' state.highstate
- ----------I have omitted the earlier part of the output--------------
- ----------
- ID: hosts-config
- Function: file.managed
- Name: /etc/hosts
- Result: True
- Comment: File /etc/hosts updated
- Started: 21:31:43.644962
- Duration: 13.119 ms
- Changes:
- ----------
- diff:
- ---
- +++
- @@ -3,3 +3,4 @@
- 10.10.10.140 mastermaster.saltstack.com
- 10.10.10.141 node01node01.saltstack.com
- 10.10.10.142 node02node02.saltstack.com
- +10.10.10.143 node03node03.saltstack.com
- Summary
- ------------
- Succeeded: 6 (changed=1)
- Failed: 0
- ------------
- Total states run: 6
- Test on the clients:
- [root@node01 cron]# cat /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 10.10.10.140 master master.saltstack.com
- 10.10.10.141 node01 node01.saltstack.com
- 10.10.10.142 node02 node02.saltstack.com
- 10.10.10.143 node03 node03.saltstack.com
- [root@node02 ~]# cat /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 10.10.10.140 master master.saltstack.com
- 10.10.10.141 node01 node01.saltstack.com
- 10.10.10.142 node02 node02.saltstack.com
- 10.10.10.143 node03 node03.saltstack.com
- Now suppose I modify the hosts.conf file on the master
- [root@master init]# pwd
- /etc/salt/states/init
- [root@master init]# cat files/hosts.conf
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 10.10.10.140 master master.saltstack.com
- 10.10.10.141 node01 node01.saltstack.com
- 10.10.10.142 node02 node02.saltstack.com
- 10.10.10.143 node03 node03.saltstack.com
- 10.10.10.144 openstack01 openstack01.saltstack.com
- 10.10.10.145 openstack02 openstack02.saltstack.com
- [root@master init]# salt '*' state.highstate
- ----------I have omitted the earlier part of the output--------------
- ----------
- ID: hosts-config
- Function: file.managed
- Name: /etc/hosts
- Result: True
- Comment: File /etc/hosts updated
- Started: 21:37:50.679328
- Duration: 78.269 ms
- Changes:
- ----------
- diff:
- ---
- +++
- @@ -4,3 +4,5 @@
- 10.10.10.141node01node01.saltstack.com
- 10.10.10.142node02node02.saltstack.com
- 10.10.10.143node03node03.saltstack.com
- +10.10.10.144openstack01openstack01.saltstack.com
- +10.10.10.145openstack02openstack02.saltstack.com
- Summary
- ------------
- Succeeded: 6 (changed=1)
- Failed: 0
- ------------
- Total states run: 6
- Test on the clients:
- [root@node01 cron]# cat /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 10.10.10.140 master master.saltstack.com
- 10.10.10.141 node01 node01.saltstack.com
- 10.10.10.142 node02 node02.saltstack.com
- 10.10.10.143 node03 node03.saltstack.com
- 10.10.10.144 openstack01 openstack01.saltstack.com
- 10.10.10.145 openstack02 openstack02.saltstack.com
- [root@node02 ~]# cat /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 10.10.10.140 master master.saltstack.com
- 10.10.10.141 node01 node01.saltstack.com
- 10.10.10.142 node02 node02.saltstack.com
- 10.10.10.143 node03 node03.saltstack.com
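As an added example (not part of the original post), the Python below parses text in the layout of the `state.highstate` runs above and reports failed states and changes to the files these cases manage. The function names, the `WATCHED` list and the sample are constructed for illustration; it assumes Salt's raw indented text output, where only minion names, `----------` separators and the summary start at column 0.

```python
import re

FIELD = re.compile(r"(ID|Name|Result|Comment|Changes):\s*(.*)")
WATCHED = ("/etc/hosts", "/etc/security/limits.conf", "/var/spool/cron/")  # assumed

def parse_highstate(text):
    """Split indented highstate text into one dict per state block."""
    states, minion, cur, in_changes = [], None, None, False
    for raw in filter(str.strip, text.splitlines()):
        if not raw[0].isspace():              # column 0: minion, separator, summary
            in_changes, cur = False, None
            if raw == "----------":           # exactly 10 dashes open a state block
                cur = {"minion": minion, "changed": False}
                states.append(cur)
            elif re.fullmatch(r"\S+:", raw):  # e.g. "node01.saltstack.com:"
                minion = raw[:-1]
        elif cur is not None and in_changes:  # any line under "Changes:"
            cur["changed"] = True
        elif cur is not None and (m := FIELD.fullmatch(raw.strip())):
            in_changes = m.group(1) == "Changes"
            cur[m.group(1)] = m.group(2)
    return [s for s in states if "ID" in s]

def findings(states):
    """Failed states and changes to WATCHED paths, as (minion, ID, reason)."""
    out = []
    for s in states:
        if s.get("Result") != "True":
            out.append((s["minion"], s["ID"], "failed"))
        elif s["changed"] and s.get("Name", "").startswith(WATCHED):
            out.append((s["minion"], s["ID"], "changed " + s["Name"]))
    return out

# Constructed, abbreviated sample in the layout of the highstate output above.
SAMPLE = """\
node01.saltstack.com:
----------
          ID: limit-conf-config
        Name: /etc/security/limits.conf
      Result: True
     Changes:
              ----------
node02.saltstack.com:
----------
          ID: hosts-config
        Name: /etc/hosts
      Result: False
     Changes:
"""
print(findings(parse_highstate(SAMPLE)))
```

For unattended use, Salt's `--out=json` output is a more stable input than the text layout.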
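On batch-configuring hosts files with Salt: http://www.ttlsa.com/linux/salt-modules-hosts/
Here I only give one example of adding hosts entries; for more, see the link above (it has a lot of practical material)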
- [root@master ~]# salt '*' hosts.set_host 10.10.10.145 openstack02.saltstack.com
- node02.saltstack.com:
- True
- node01.saltstack.com:
- True
- [root@master ~]# salt '*' hosts.set_host 10.10.10.143 openstack03.saltstack.com
- node02.saltstack.com:
- True
- node01.saltstack.com:
- True
- [root@master ~]# salt-ssh '*' cmd.run 'tail -2 /etc/hosts'
- node02:
- 10.10.10.144 openstack01 openstack01.saltstack.com
- 10.10.10.145 openstack02.saltstack.com
- node01:
- 10.10.10.144 openstack01 openstack01.saltstack.com
- 10.10.10.145 openstack02.saltstack.com
Source: http://www.bubuko.com/infodetail-1950556.html