saltstack自动化运维系列⑤之saltstack的配置管理详解
saltstack自动化运维系列⑤之saltstack的配置管理详解配置管理初始化:
a.服务端配置
vim /etc/salt/master
file_roots:
base:
- /srv/salt/base
test:
- /srv/salt/test
prod:
- /srv/salt/prod
mkdir -p /srv/salt/base
mkdir /srv/salt/test
mkdir /srv/salt/prod
1.统一管理dns配置文件resolv.conf
创建模板文件
mkdir /srv/salt/base/files
vim /srv/salt/base/files/resolv.conf
nameserver 192.168.1.13
nameserver 8.8.8.8
执行上面的状态文件,salt:命令 *:代表所有minion,state模块 sls方法 dns:要执行的state文件,可以看到minion客户端的resolv.conf已经改成了我们需要的文件
# salt '*' state.sls dns
mini1:
----------
> Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 10:07:44.479560
Duration: 16.366 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,3 @@
nameserver 192.168.1.13
-nameserver 192.168.1.14
+nameserver 8.8.8.8
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
node2.chinasoft.com:
----------
> Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 10:08:03.539547
Duration: 19.836 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,3 @@
nameserver 192.168.1.13
-nameserver 192.168.1.14
+nameserver 8.8.8.8
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
2.通过执行高级状态进行配置管理
编写top file,执行高级状态
top.sls是默认的入口文件,名称也是top.sls,必须放在base环境下
# cat top.sls
base: #base环境
'*': #指定base环境下的minion主机
- dns #高级状态需要执行服务
执行高级状态,意思是从top.sls开始读入,进行匹配执行状态文件
# salt '*' state.highstate
关于配置文件的语法说明:
a.缩进:YAML使用一个固定的缩进风哥表示数据层结构关系,salt需要每个缩进级别由两个空格组成,不要使用tabs键
b.短横线:想要表示列表项,使用一个短横线加一个空格,多个项使用同样的缩进级别作为同一列表的一部分
3.使用jinja模板进行配置管理:
jinja语法说明:
a.-File状态使用template参数-template:jinja
b.-模板文件里面变量使用{{名称}}
{{PORT}}
c.变量列表
- defualts:
PORT: 80
①.编辑配置文件
# cat dns.sls
/etc/resolv.conf:
file.managed:
- source: salt://files/resolv.conf
- user: root
- group: root
- mode: 644
- template: jinja
- defaults:
DNS_SERVER: 202.96.134.133
②.编辑模板文件
# vim /srv/salt/base/files/resolv.conf
#jinja template
nameserver {{DNS_SERVER}}
②.执行配置状态
# salt '*' state.sls dns
jinja结合grains
# cat files/resolv.conf
#jinja template
#{{ grains['fqdn_ip4']}}
nameserver {{DNS_SERVER}}
④执行配置:
# salt '*' state.sls dns
可以看到客户端已经添加了客户端IP地址
# cat /etc/resolv.conf
#jinja template
#['192.168.3.12']
nameserver 202.96.134.133
4.综合示例使用salt初始化系统::
a. dns配置
b. 历史命令记录时间用户
c. 增加命令审计记录
①.建立初始化目录和配置文件目录
# mkdir /srv/salt/base/init
# mkdir /srv/salt/base/init/files
# pwd
/srv/salt/base
# tree
.
├── init
└── top.sls
1 directory, 1 file
②.编写初始化配置文件
a.编写初始化dns配置
vim /srv/salt/base/init/dns.sls
/etc/resolv.conf:
file.managed:
- source: salt://init/files/resolv.conf
- user: root
- group: root
- mode: 644
# cp /etc/resolv.conf /srv/salt/base/init/files/
b.初始化history命令,在历史命令中显示执行命令时间和用户
# cat /srv/salt/base/init/history.sls
/etc/profile:
file.append:
- text:
- export HISTTIMEFORMAT="%F %T `whoami`"
c.添加命令审计功能,即在/var/log/message中显示命令的详细信息
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y;});logger "":$(who am i):[`pwd`]"$msg";}'
命令效果如下:
# tail -f /var/log/messages
Apr 10 20:18:07 localhost root: :root pts/0 2017-04-10 20:11 (192.168.3.84):w
Apr 10 20:18:22 localhost root: :root pts/0 2017-04-10 20:11 (192.168.3.84):ps -ef|grep nginx
Apr 10 20:18:27 localhost root: :root pts/0 2017-04-10 20:11 (192.168.3.84):ps -ef|grep zabbix
③编写配置文件
# cat /srv/salt/base/init/audit.sls
/etc/bashrc:
file.append:
- text:
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y;});logger "":$(who am i):[`pwd`]"$msg";}'
④内核参数调优
参考:https://docs.saltstack.com/en/latest/ref/states/all/salt.states.sysctl.html#module-salt.states.sysctl
# cat /srv/salt/base/init/sysctl.sls
vm.swappiness:
sysctl.present:
- value: 0
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.file
-max:
sysctl.present:
- value: 100000
⑤编写总的包含文件,即执行该状态会寻找dns/history/audit/sysctl等参数配置
# cat /srv/salt/base/init/env_init.sls
include:
- init.dns
- init.history
- init.audit
- init.sysctl
⑥编写入口文件top.sls
# cat /srv/salt/base/top.sls
base:
'*':
- init.env_init
进行配置测试,发现报错:
# salt '*' state.highstate test=True
mini1:
Data failed to compile:
----------
Detected conflicting>
The conflicting> node2.chinasoft.com:
Data failed to compile:
----------
Detected conflicting>
The conflicting> 原因:/etc/profile这个ID重复
将 audit.sls 这个/etc/profile改为/etc/bashrc即可
再次执行配置变更即可:
# salt '*' state.highstate
页:
[1]