SaltStack configuration management
1. YAML language
YAML is an intuitive, machine-readable data serialization format. It is a highly readable language that is easy for people to read, easy to use from scripting languages, and is used to express data sequences.
It is similar to XML, a data description language that is a subset of the Standard Generalized Markup Language, but its syntax is much simpler than XML's.
The format of YAML language is as follows:
```
house:
  family:
    name: Doe
    parents:
      - John
      - Jane
    children:
      - Paul
      - Mark
      - Simone
  address:
    number: 12
    street: Main Street
    city: Nowheretown
    zipcode: 486254
```
Basic rules of YAML:
- Indentation represents the hierarchy, with 2 spaces per level. TAB characters are prohibited
- When a colon is not at the end of a line, it must be followed by a space
- Use - to represent the list, and there must be a space after -
- Use # to indicate comments
The YAML configuration files must be placed in the location SaltStack expects. You can find that location under file_roots in the SaltStack master configuration file.
```
[root@master ~]# vim /etc/salt/master
......
file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev
  prod:
    - /srv/salt/prod
  test:
    - /srv/salt/test
......

[root@master ~]# mkdir -p /srv/salt/{base,dev,prod,test}
[root@master ~]# tree /srv/salt/
/srv/salt/
|-- base    # Basic environment
|-- dev     # development environment
|-- prod    # production environment
`-- test    # testing environment

[root@master ~]# systemctl restart salt-master
```
Note:
- base is the default location. If file_roots contains only one environment, it must be base; the name is required and cannot be changed
2. Configure an apache instance using SaltStack
Deploy the SLS (state file) configuration file on the master and execute it
```
[root@master ~]# cd /srv/salt/base/
[root@master base]# mkdir -p web/apache
[root@master base]# tree
.
`-- web
    `-- apache

[root@master base]# vim web/apache/install.sls
apache-install:
  pkg.installed:        # Install apache
    - name: httpd

apache-service:
  service.running:      # Start apache
    - name: httpd
    - enable: True

# The top-level key in the YAML configuration file is called the ID; it must be globally unique and cannot be repeated
# SaltStack reads YAML configuration files from top to bottom, so put whatever must be executed first at the top
```

```
# Check whether httpd is installed on the controlled machine node1
[root@node1 ~]# ss -antl
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      [::]:22              [::]:*
[root@node1 ~]# rpm -qa |grep httpd
```

```
# View the directory structure on the master
[root@master base]# tree /srv/salt/base/
/srv/salt/base/
`-- web
    `-- apache
        `-- install.sls     # Execute this file

2 directories, 1 file
[root@master base]# pwd
/srv/salt/base
[root@master base]# salt 'node1' state.sls web.apache.install    # Execute
node1:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 02:44:16.206278
    Duration: 16168.849 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.6.3-12.el8
                  old:
              apr-util:
                  ----------
                  new:
                      1.6.1-6.el8
                  old:
              apr-util-bdb:
                  ----------
                  new:
                      1.6.1-6.el8
                  old:
              apr-util-openssl:
                  ----------
                  new:
                      1.6.1-6.el8
                  old:
              centos-logos-httpd:
                  ----------
                  new:
                      85.8-1.el8
                  old:
              httpd:
                  ----------
                  new:
                      2.4.37-40.module_el8.5.0+852+0aafc63b
                  old:
              httpd-filesystem:
                  ----------
                  new:
                      2.4.37-40.module_el8.5.0+852+0aafc63b
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.37-40.module_el8.5.0+852+0aafc63b
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.48-3.el8
                  old:
              mod_http2:
                  ----------
                  new:
                      1.15.7-3.module_el8.4.0+778+c970deab
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 02:44:32.384176
    Duration: 286.809 ms
     Changes:
              ----------
              httpd:
                  True

Summary for node1
------------
Succeeded: 2 (changed=2)
Failed:    0
------------
Total states run:     2
Total run time:  16.456 s
```
2.1 Check the installation on the controlled machine node1
```
[root@node1 ~]# ss -antl
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      *:80                 *:*
LISTEN   0        128      [::]:22              [::]:*
[root@node1 ~]# rpm -qa |grep httpd
centos-logos-httpd-85.8-1.el8.noarch
httpd-2.4.37-40.module_el8.5.0+852+0aafc63b.x86_64
httpd-tools-2.4.37-40.module_el8.5.0+852+0aafc63b.x86_64
httpd-filesystem-2.4.37-40.module_el8.5.0+852+0aafc63b.noarch
[root@node1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese>
   Active: active (running) since Tue 2021-11-02 02:44:32 EDT; 1min 23s ago
     Docs: man:httpd.service(8)
 Main PID: 564377 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11201)
   Memory: 25.1M
   CGroup: /system.slice/httpd.service
           ├─564377 /usr/sbin/httpd -DFOREGROUND
           ├─564407 /usr/sbin/httpd -DFOREGROUND
```
From the above, we can see that apache has indeed been successfully deployed.
Tips for executing state files:
- First use test.ping to check that the host that needs to execute the state file can communicate normally, and then execute the state file
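The YAML rules from section 1 and the unique-ID rule noted in the state file above can be checked before a state file is placed under file_roots. The following is an added example, not part of the original page or of SaltStack itself: a line-based check in Python, where the function name lint_sls, the file broken.sls and the sample contents are assumptions made up for illustration.

```python
import re

# A key whose colon is not followed by a space, e.g. "name:httpd" ("http://" is skipped).
KEY_NO_SPACE = re.compile(r"^\s*(?:- )?['\"\w.-]+:(?!//)\S")
# A state ID: a key in column 0 with nothing after the colon.
TOP_ID = re.compile(r"^(['\"]?)([\w.-]+)\1:$")


def lint_sls(files):
    """Lint {path: text} state files; return sorted (path, line, message) findings."""
    findings, seen_ids = [], {}
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), start=1):
            body = line.split(" #", 1)[0].rstrip()  # drop trailing comment
            item = body.lstrip()
            if not item or item.startswith("#"):
                continue
            indent = body[: len(body) - len(item)]
            if "\t" in indent:
                findings.append((path, no, "TAB used for indentation"))
            elif len(indent) % 2:
                findings.append((path, no, "indent is not a multiple of 2 spaces"))
            if item.startswith("-") and not item.startswith(("- ", "---")) and item != "-":
                findings.append((path, no, "no space after '-'"))
            if KEY_NO_SPACE.match(body):
                findings.append((path, no, "no space after ':'"))
            m = TOP_ID.match(body)
            if m:
                first = seen_ids.setdefault(m.group(2), (path, no))
                if first != (path, no):
                    findings.append((path, no, f"duplicate ID {m.group(2)!r}, first at {first[0]}:{first[1]}"))
    return sorted(findings)


# Constructed sample: install.sls is the state file from this page, broken.sls is made up.
SAMPLE = {
    "web/apache/install.sls": (
        "apache-install:\n  pkg.installed:    # Install apache\n    - name: httpd\n"
        "apache-service:\n  service.running:\n    - name: httpd\n    - enable: True\n"
    ),
    "web/apache/broken.sls": "apache-install:\n\tpkg.installed:\n    -name: httpd\n    - enable:True\n",
}

if __name__ == "__main__":
    for path, no, msg in lint_sls(SAMPLE):
        print(f"{path}:{no}: {msg}")
```

The check is meant for state files only; in top.sls the column-0 keys are environment names rather than state IDs.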
3. top file
3.1 top file introduction:
Is executing SLS files directly from the command line automatic enough? The answer is no, because we still have to tell a specific host to perform a specific task. With real automation, when we tell the system to work, it should already know which host does what. Executing SLS files directly from the command line cannot achieve this, and the top file exists to solve that problem.
The top file is the entry point. Its file name can be found by searching for top.sls in the master configuration file, and this file must be in the base environment. By default, this file must be called top.sls.
The function of the top file is to tell each host what to do, such as having the web server start web services, having the database server install mysql, and so on.
3.2 top file example:
```
# Operation on master
[root@master base]# pwd
/srv/salt/base
[root@master base]# vim top.sls
base:                       # Environment in which to execute the state file
  'node1':                  # Target that executes the state file
    - web.apache.install    # State file to execute

# Stop httpd on node1
[root@node1 ~]# systemctl stop httpd

# Execute using highstate
[root@master base]# salt '*' state.highstate saltenv=base    # saltenv=base specifies the environment
master:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found. Please see master log for details.
              # The top file does not define what the master should do, so this is normal
     Changes:

Summary for master
------------
Succeeded: 0
Failed:    1
------------
Total states run:     1
Total run time:   0.000 ms
node1:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 02:59:39.039787
    Duration: 575.097 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 02:59:39.616343
    Duration: 33.149 ms
     Changes:

Summary for node1
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time: 608.246 ms
ERROR: Minions returned with non-zero exit code

# View the httpd status on the controlled host node1
[root@node1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese>
   Active: active (running) since Tue 2021-11-02 02:57:38 EDT; 4min 41s ago
     Docs: man:httpd.service(8)
 Main PID: 589027 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11201)
   Memory: 25.3M
   CGroup: /system.slice/httpd.service
           ├─589027 /usr/sbin/httpd -DFOREGROUND
           ├─589035 /usr/sbin/httpd -DFOREGROUND
```
Note:
If the target in the top file is written as *, note the difference: the * in the top file means all targets that are to execute the states, while the * in salt '*' state.highstate means that all machines are notified to work; whether a machine actually does any work is determined by the top file.
4. Using the highstate (advanced state)
When managing SaltStack, the most common management operation is to execute the highstate.
```
[root@master ~]# salt '*' state.highstate    # Using the salt command this way is prohibited in the production environment
```
Note:
The command above has every host execute the highstate, but this is generally not done in actual work. In practice, you notify one target host, or a few of them, to execute the highstate, and what exactly is executed is determined by the top file.
If you add the parameter test=True when executing the highstate, it tells you what it would do without actually performing the operation.
```
# Stop the httpd service on node1
[root@node1 ~]# systemctl stop httpd
[root@node1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese>
   Active: inactive (dead) since Tue 2021-11-02 03:34:57 EDT; 1min 5s ago
     Docs: man:httpd.service(8)
  Process: 648057 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited,>
 Main PID: 648057 (code=exited, status=0/SUCCESS)
   Status: "Running, listening on: port 80"

Nov 02 03:27:41 node1 systemd[1]: Starting The Apache HTTP Server...
Nov 02 03:27:41 node1 httpd[648057]: AH00558: httpd: Could not reliably determi>
Nov 02 03:27:41 node1 systemd[1]: Started The Apache HTTP Server.

# Run the highstate in test mode on the master
[root@master base]# salt 'node1' state.highstate test=True
node1:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 03:37:52.157449
    Duration: 612.26 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: None
     Comment: Service httpd is set to start    # httpd will start
     Started: 03:37:52.771197
    Duration: 36.951 ms
     Changes:

Summary for node1
------------
Succeeded: 2 (unchanged=1)
Failed:    0
------------
Total states run:     2
Total run time: 649.211 ms

# Check whether httpd is started on node1. httpd is still not running, which shows that the highstate was not actually executed
[root@node1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese>
   Active: inactive (dead) since Tue 2021-11-02 03:34:57 EDT; 5min ago
     Docs: man:httpd.service(8)
  Process: 648057 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited,>
 Main PID: 648057 (code=exited, status=0/SUCCESS)
   Status: "Running, listening on: port 80"

Nov 02 03:27:41 node1 systemd[1]: Starting The Apache HTTP Server...
Nov 02 03:27:41 node1 httpd[648057]: AH00558: httpd: Could not reliably determi>
Nov 02 03:27:41 node1 systemd[1]: Started The Apache HTTP Server.
```
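In the dry run above, a state that would change is reported with Result: None. As an added example (not from the original page), the Python below reads the JSON form of such a dry run, which the salt CLI emits with --out=json, and lists pending changes and failures per minion so that the real highstate is only run after review. It assumes the results are collected into one JSON object keyed by minion ID; the function names and the sample data are constructed for illustration.

```python
import json


def review_dry_run(raw_json):
    """Summarise test=True results as {minion: {"pending": [...], "failed": [...]}}.

    Entries are (state_id, comment). Result None = would change, False = failed.
    """
    report = {}
    for minion, ret in json.loads(raw_json).items():
        entry = {"pending": [], "failed": []}
        if not isinstance(ret, dict):
            # Assumed error shape: a list or string instead of per-state results.
            entry["failed"].append(("<no state data>", str(ret)))
            ret = {}
        # Follow execution order, matching the page's top-to-bottom rule.
        for tag, st in sorted(ret.items(), key=lambda kv: kv[1].get("__run_num__", 0)):
            parts = tag.split("_|-")  # tag layout: module_|-id_|-name_|-function
            state_id = st.get("__id__") or (parts[1] if len(parts) > 1 else tag)
            if st.get("result") is None:
                entry["pending"].append((state_id, st.get("comment", "")))
            elif st.get("result") is False:
                entry["failed"].append((state_id, st.get("comment", "")))
        report[minion] = entry
    return report


def safe_to_apply(report):
    """Allow the real highstate only if no minion reported a failure."""
    return all(not entry["failed"] for entry in report.values())


# Constructed sample mirroring the dry run and the failed master run shown on this page.
SAMPLE = json.dumps({
    "node1": {
        "pkg_|-apache-install_|-httpd_|-installed": {
            "__id__": "apache-install", "__run_num__": 0, "result": True,
            "comment": "All specified packages are already installed"},
        "service_|-apache-service_|-httpd_|-running": {
            "__id__": "apache-service", "__run_num__": 1, "result": None,
            "comment": "Service httpd is set to start"},
    },
    "master": {"no_|-states_|-states_|-None": {
        "__run_num__": 0, "result": False,
        "comment": "No Top file or master_tops data matches found."}},
})

if __name__ == "__main__":
    print(json.dumps(review_dry_run(SAMPLE), indent=2))
```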