SaltStack配置管理--状态间的关系

Posted jimmy_xuli

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SaltStack配置管理--状态间的关系相关的知识,希望对你有一定的参考价值。

一.include的引用

需求场景:用于含有多个SLS的状态,使用include可以进行多个状态的组合,将安装apache,phpmysql集合在一个sls中

 

[[email protected] prod]# pwd
/srv/salt/prod
[[email protected] prod]# vim lamp.sls
include:
  - apache.init
  - php.init
  - mysql.init
[[email protected] prod]# vim ../base/top.sls 
prod:
  ‘7mini-node1‘:
    - lamp
[[email protected] prod]# salt  "7mini-node1" state.highstate    #执行无报错为正确

 

 

二.extend的使用

需求场景:软件包安装的时候,需求假设:只在node1上按装php-mbstring包,其他的机器不安装。单独在组合的sls中添加,不需要可以删掉

[[email protected] prod]# pwd
/srv/salt/prod
[[email protected] prod]# vim lamp.sls 
include:
  - apache.init
  - php.init
  - mysql.init

extend:
  php-install:
    pkg.installed:
      - name: php-mbstring
[[email protected] prod]# salt  "7mini-node1" state.highstate

 

三、require和require_in的使用

require:我依赖谁
require_in:我被谁依赖
需求场景:如果安装不成功或者配置httpd不成功,不启动httpd

(1)require使用
[[email protected] apache]# pwd
/srv/salt/prod/apache
[[email protected] apache]# systemctl stop httpd
[[email protected] apache]# vim init_require.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd1.conf----->将此处的文件改错,模拟配置错误
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - require:---------------------------->使用require,表示依赖
      - pkg: apache-install--------------->依赖的状态模块为pkg模块,id为apache-install
      - file: apache-config--------------->依赖的状态模块为file模块,id为apache-config
[[email protected] apache]# salt   "7nini-noed1" state.highstate   #执行模块提示会有报错,此时httpd不会正常启动

 

(2)require_in使用               #与require是相同的只是表达方式的不同
[[email protected] apache]# vim init_require_in.sls 
apache-install:
  pkg.installed:
    - name: httpd
    - require_in:------------------>被依赖
      - service: apache-service---->被依赖的模块是service,id为apache-service

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require_in:
      - service: apache-service

apache-service:
  service.running:
    - name: httpd
    - enable: True

解释说明:require和require_in都能实现依赖的功能,主动和被动的关系不同

  

四、watch和watch_in的使用

需求场景:监控配置文件变动,重启服务或重载服务

设置重启

[[email protected] apache]# pwd
/srv/salt/prod/apache
[[email protected] apache]# vim init_watch.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - watch:---------------------->使用watch
      - file: apache-config------->监控的模块为file,id为apache-config
[[email protected] apache]# vim files/httpd.conf     #随意修改配置文件
[[email protected] apache]# salt  "7mini-node1" state.highstate            

 设置重载

[[email protected] apache]# vim init_watch.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True----------------------------------->增加参数重载
    - watch:
      - file: apache-config

[[email protected] apache]# salt -S "192.168.56.11" state.highstate

 

五、unless:状态间的条件判断

需求场景:给apache的admin目录进行加密登陆查看    #如果某文件存在将不执行

(1)修改配置文件,添加认证功能
[[email protected] apache]# vim files/httpd.conf 
<Directory "/var/www/html/admin">
        AllowOverride All
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "haha"
        AuthUserFile /etc/httpd/conf/htpasswd_file
        Require user admin
</Directory>

(2)修改状态文件init.sls
[[email protected] apache]# vim init.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:------>使用cmd模块的run方法
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin---->生成密码文件
    - unless: test -f /etc/httpd/conf/htpasswd_file---->unless判断条件,test -f判断为假则执行。即htpasswd文件如果不存在就执行生成密码

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config

[[email protected] apache]# salt  "7mini-node1" state.highstate

 浏览器访问10.0.0.11/admin/index.html会出现密码验证 

  

 

 

  

  

 

以上是关于SaltStack配置管理--状态间的关系的主要内容,如果未能解决你的问题,请参考以下文章

SaltStack实战之配置管理-状态间关系

SaltStack实战之配置管理-状态间关系

SaltStack状态间的关系模块

SaltStack状态间的关系模块

SaltStack配置管理-jinja模板

运维自动化之Saltstack配置管理