Configuration management of SaltStack
YAML language
YAML is an intuitive data serialization format that computers can parse. It is a highly readable language that is easy for humans to read, easy to use from scripting languages, and used to express sequences of data.
It is a data description language similar to XML (a subset of the Standard Generalized Markup Language), but its syntax is much simpler than XML's.
The format of YAML language is as follows:
```yaml
house:
  family:
    name: Doe
    parents:
      - John
      - Jane
    children:
      - Paul
      - Mark
      - Simone
  address:
    number: 34
    street: Main Street
    city: Nowheretown
    zipcode: 12345
```
Basic rules of YAML:
- Indentation represents the hierarchical relationship. Each level is indented by 2 spaces. The TAB key is prohibited
- When a colon is not at the end of the line, there must be a space after the colon
- Use - to represent a list item, and there must be a space after -
- Use # to indicate comments
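A line-based check for the rules above, useful as a gate before a state file is copied into file_roots. This is an added example, not code from the original page or from SaltStack; `lint_sls`, `strip_comment` and the sample text are hypothetical names and constructed input, and the checks are heuristics rather than a full YAML parser.

```python
import re

# Heuristic line checks for the rules listed above; this is not a YAML parser.
KEY_NO_SPACE = re.compile(r"^\s*(?:- )?[A-Za-z_][\w.-]*:[^\s/]")
DASH_NO_SPACE = re.compile(r"^\s*-[^\s-]")

def strip_comment(line):
    """Drop a trailing '# comment' unless the '#' sits inside quotes."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i]
    return line

def lint_sls(text):
    """Return (line_number, message) for every rule violation found."""
    problems = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = strip_comment(raw).rstrip()
        if not line.strip():
            continue  # blank line or comment-only line
        indent = line[: len(line) - len(line.lstrip())]
        if "\t" in indent:
            problems.append((number, "tab used for indentation"))
        elif len(indent) % 2:
            problems.append((number, "indentation is not a multiple of 2 spaces"))
        if DASH_NO_SPACE.match(line):
            problems.append((number, "no space after '-'"))
        if KEY_NO_SPACE.match(line):
            problems.append((number, "no space after ':'"))
    return problems

# Constructed sample that breaks each rule once.
SAMPLE = (
    "apache-install:\n"
    "  pkg.installed:\n"
    "    -name: httpd\n"            # line 3: no space after '-'
    "apache-service:\n"
    "\tservice.running:\n"          # line 5: tab indentation
    "   - name:httpd  # comment\n"  # line 6: 3 spaces, no space after ':'
)

if __name__ == "__main__":
    for number, message in lint_sls(SAMPLE):
        print(f"line {number}: {message}")
```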
The YAML configuration files must be placed in the locations SaltStack expects. You can see these locations in the file_roots setting of the SaltStack Master configuration file.
```
[root@master ~]# vim /etc/salt/master
...N lines omitted here...
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  dev:
    - /srv/salt/dev
  prod:
    - /srv/salt/prod
...N lines omitted here...

[root@master ~]# mkdir -p /srv/salt/{base,test,dev,prod}
[root@master ~]# tree /srv/salt/
/srv/salt/
├── base
├── dev
├── prod
└── test

4 directories, 0 files

[root@master ~]# systemctl restart salt-master
```
Note:
- base is the default location. If file_roots has only one environment, base is required: it must be called base and cannot be renamed
Configuring an apache instance with SaltStack
Write the sls state file on the Master and execute it
```
[root@master salt]# cd /srv/salt/base/
[root@master base]# ls
[root@master base]# mkdir -p web/apache
[root@master base]# tree
.
└── web
    └── apache

2 directories, 0 files

[root@master base]# vim web/apache/apache.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-service:
  service.running:
    - name: httpd
    - enable: True

// The top-level key in a YAML state file is called the ID; it must be globally unique and cannot be repeated
// SaltStack reads YAML state files from top to bottom, so put what must execute first at the top

// Execute the state file
[root@master base]# salt 'client' state.sls web.apache.apache
client:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 16:08:39.693890
    Duration: 509.763 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 16:08:40.205546
    Duration: 40.311 ms
     Changes:

Summary for client
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time: 550.074 ms
```
View on client
```
// Check whether httpd is installed on the client host
[root@client ~]# rpm -qa |grep httpd
httpd-filesystem-2.4.37-39.module_el8.4.0+950+0577e6ac.1.noarch
centos-logos-httpd-85.8-1.el8.noarch
httpd-2.4.37-39.module_el8.4.0+950+0577e6ac.1.x86_64
httpd-tools-2.4.37-39.module_el8.4.0+950+0577e6ac.1.x86_64

[root@client ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabl>
   Active: active (running) since Tue 2021-11-02 16:07:47 CST; 5min ago
     Docs: man:httpd.service(8)
 Main PID: 55447 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11293)
   Memory: 32.0M
   CGroup: /system.slice/httpd.service
           ├─55447 /usr/sbin/httpd -DFOREGROUND
           ├─56279 /usr/sbin/httpd -DFOREGROUND
           ├─56280 /usr/sbin/httpd -DFOREGROUND
           ├─56281 /usr/sbin/httpd -DFOREGROUND
           └─56282 /usr/sbin/httpd -DFOREGROUND

Nov 02 16:07:32 client systemd[1]: Starting The Apache HTTP Server...
Nov 02 16:07:47 client httpd[55447]: AH00558: httpd: Could not reliably determine the s>
Nov 02 16:07:47 client systemd[1]: Started The Apache HTTP Server.
Nov 02 16:07:57 client httpd[55447]: Server configured, listening on: port 80
```
From the above, we can see that apache has indeed been successfully deployed.
Tips for executing state files:
- First use test.ping to check that the host that needs to execute the state file can communicate normally, and then execute the state file
top file
top file introduction
Is executing sls files directly from the command line automatic enough? The answer is no, because we still have to tell a specific host to perform a specific task. Real automation means that when we tell the system to work, it already knows which host should do what. Executing sls files directly from the command line cannot achieve this, and the top file exists to solve this problem.
The top file is the entry point. Its file name can be found by searching for top.sls in the Master configuration file, and the file must be in the base environment. By default, this file must be called top.sls.
The function of the top file is to tell each host what to do, such as having the web server start web services, having the database server install mysql, and so on.
top file example:
```
[root@master ~]# cd /srv/salt/base/
[root@master base]# cat top.sls
base:                       # Environment in which the state files are executed
  'client':                 # Target that executes the state files
    - web.apache.install    # State file to execute
  'proxy':
    - web.mysql.install

[root@master base]# vim web/apache/install.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-service:
  service.running:
    - name: httpd
    - enable: True

[root@master base]# vim web/mysql/install.sls
mariadb-install:
  pkg.installed:
    - name: mariadb-server

mariadb-service:
  service.running:
    - name: mariadb
    - enable: True

// Execute using highstate
[root@master base]# salt '*' state.highstate
client:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 16:40:29.000288
    Duration: 599.316 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 16:40:29.601753
    Duration: 48.561 ms
     Changes:

Summary for client
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time: 647.877 ms
proxy:
----------
          ID: mariadb-install
    Function: pkg.installed
        Name: mariadb-server
      Result: True
     Comment: All specified packages are already installed
     Started: 16:40:29.777471
    Duration: 534.998 ms
     Changes:
----------
          ID: mariadb-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 16:40:30.314422
    Duration: 42.717 ms
     Changes:

Summary for proxy
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time: 577.715 ms

// View the httpd status on the minion
[root@client ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabl>
   Active: active (running) since Tue 2021-11-02 16:35:30 CST; 6min ago
     Docs: man:httpd.service(8)
 Main PID: 108042 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11293)
   Memory: 37.1M
   CGroup: /system.slice/httpd.service
           ├─108042 /usr/sbin/httpd -DFOREGROUND
           ├─108856 /usr/sbin/httpd -DFOREGROUND
           ├─108857 /usr/sbin/httpd -DFOREGROUND
           ├─108858 /usr/sbin/httpd -DFOREGROUND
           └─108859 /usr/sbin/httpd -DFOREGROUND

[root@proxy ~]# systemctl status mariadb
● mariadb.service - MariaDB 10.3 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disa>
   Active: active (running) since Tue 2021-11-02 16:38:00 CST; 4min 47s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
 Main PID: 100759 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 30 (limit: 11300)
   Memory: 84.7M
   CGroup: /system.slice/mariadb.service
           └─100759 /usr/libexec/mysqld --basedir=/usr
```
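To see in advance which states a highstate would hand to which minion, the top file can be resolved offline. This is an added example, not code from the original page or from SaltStack: `TOP` and `FILE_ROOTS` are constructed copies of the page's top.sls and base environment, the function names and the minion `db01` are hypothetical, and only single glob targets such as 'client' or 'web*' are handled.

```python
from fnmatch import fnmatchcase

# The page's top.sls and base file_roots as already-parsed data (constructed copy).
TOP = {"base": {"client": ["web.apache.install"], "proxy": ["web.mysql.install"]}}
FILE_ROOTS = {"base": ["/srv/salt/base"]}

def states_for(minion_id, top=TOP):
    """(environment, sls) pairs the top file assigns to one minion ID.

    Assumption: every target is a single glob; grain, pillar and
    compound targets are not handled here.
    """
    return [(env, sls)
            for env, targets in top.items()
            for target, sls_names in targets.items()
            if fnmatchcase(minion_id, target)
            for sls in sls_names]

def candidate_paths(env, sls, file_roots=FILE_ROOTS):
    """Files a dotted sls name can refer to: name.sls or name/init.sls."""
    rel = sls.replace(".", "/")
    return [f"{root}/{rel}{suffix}"
            for root in file_roots[env]
            for suffix in (".sls", "/init.sls")]

def highstate_plan(minion_ids, top=TOP):
    """What a highstate would give each minion, plus the minions it skips."""
    plan = {m: states_for(m, top) for m in minion_ids}
    unmatched = sorted(m for m, states in plan.items() if not states)
    return plan, unmatched

if __name__ == "__main__":
    # 'db01' is a hypothetical minion that no top-file target matches.
    plan, unmatched = highstate_plan(["client", "proxy", "db01"])
    for minion, states in plan.items():
        for env, sls in states:
            print(minion, env, sls, candidate_paths(env, sls)[0])
    print("no top-file match:", unmatched)
```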
Use of highstate
When managing SaltStack, the most common management operation is executing the highstate
```
[root@master ~]# salt '*' state.highstate    // do not use the salt command this way in a production environment
```
Note:
The command above makes every minion execute the highstate, but this is generally not done in real work. In practice, you usually tell one or a few target hosts to execute the highstate; what each of them actually executes is determined by the top file.
If you add the parameter test=True when executing the highstate, it reports what it would do without actually performing the operation.
```
// Stop httpd on the minion
[root@client ~]# systemctl stop httpd
[root@client ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabl>
   Active: inactive (dead) since Tue 2021-11-02 16:44:53 CST; 6s ago
     Docs: man:httpd.service(8)
  Process: 108042 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0>
 Main PID: 108042 (code=exited, status=0/SUCCESS)
   Status: "Running, listening on: port 80"

// Run a highstate test on the master
[root@master base]# salt 'client' state.highstate test=True
client:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 16:45:46.961315
    Duration: 565.293 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: None
     Comment: Service httpd is set to start
     Started: 16:45:47.529790
    Duration: 48.963 ms
     Changes:

Summary for client
------------
Succeeded: 2 (unchanged=1)
Failed:    0
------------
Total states run:     2
Total run time: 614.256 ms

// View the httpd status: the service is still stopped
[root@client ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabl>
   Active: inactive (dead) since Tue 2021-11-02 16:44:53 CST; 1min 21s ago
     Docs: man:httpd.service(8)
  Process: 108042 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0>
 Main PID: 108042 (code=exited, status=0/SUCCESS)
   Status: "Running, listening on: port 80"
```
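In the dry run above, the stopped httpd shows up as Result: None, which makes test=True usable as a drift check and as a gate before a real highstate. The parser below is an added example, not code from the original page or from SaltStack; the function names are hypothetical, `DRY_RUN` is abridged from the output shown above, and multi-line Comment fields are not handled.

```python
import re

FIELD = re.compile(r"^\s*(ID|Function|Name|Result|Comment):\s*(.*)$")
MINION = re.compile(r"^(\S+):$")  # unindented header such as "client:"

# Abridged from the test=True run shown above (Started/Duration/Changes dropped).
DRY_RUN = """\
client:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: None
     Comment: Service httpd is set to start
"""

def parse_states(output):
    """Turn the default text output into one dict per state, tagged by minion."""
    states, minion = [], None
    for line in output.splitlines():
        header, field = MINION.match(line), FIELD.match(line)
        if header:
            minion = header.group(1)
        elif field:
            key, value = field.groups()
            if key == "ID":          # an ID line starts a new state record
                states.append({"minion": minion})
            if states:
                states[-1][key] = value.strip()
    return states

def pending_changes(output):
    """States reported as Result: None, i.e. a real run would change them."""
    return [s for s in parse_states(output) if s.get("Result") == "None"]

def unexpected_changes(output, expected_ids):
    """Pending or failed states whose ID is not part of the intended rollout."""
    return [s for s in parse_states(output)
            if s.get("Result") in ("None", "False") and s["ID"] not in expected_ids]

if __name__ == "__main__":
    for state in pending_changes(DRY_RUN):
        print(f"{state['minion']}: {state['ID']} -> {state['Comment']}")
```

For automation, salt's `--out=json` output is easier to consume than this text layout; the parser targets the format printed on this page.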