|
States配置管理
States是Saltstack中的配置语言,在日常进行配置管理时需要编写大量的States SLS文件,而编写这些SLS文件的一般步骤也就是我们平时手动配置一台服务器的步骤:首先安装源码包,然后管理一个配置文件,最后再保证这个服务的开机启动及正常运行。其中使用到的states模块功能需要我们一边学习一边实践加强理解。
接下来,我们通过一个简单的例子来理解Saltstack配置管理的基本原理--安装keepalived 1)修改master配置文件的file_roots根目录地址 1
2
3
4
5
| [iyunv@saltstack-node1 ~]# vim /etc/salt/master
file_roots:
base:
- /srv/salt
[iyunv@saltstack-node1 ~]# systemctl restart salt-master
|
2)创建states sls文件 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| [iyunv@saltstack-node1 ~]# cd /srv/salt/
[iyunv@saltstack-node1 salt]# mkdir keepalived
[iyunv@saltstack-node1 salt]# cd keepalived/
[iyunv@saltstack-node1 keepalived]# mkdir files #创建一个files文件来存放我们的源码包和配置文件
[iyunv@saltstack-node1 keepalived]# cd /srv/salt/keepalived/files/
[iyunv@saltstack-node1 files]# rz #我们rz上传一个keepalived源码包
[iyunv@saltstack-node1 files]# ll
total 236
-rw-r--r-- 1 root root 239438 Oct 8 2016 keepalived-1.2.1.tar.gz
[iyunv@saltstack-node1 files]# cd ..
[iyunv@saltstack-node1 keepalived]# vim install.sls
/application/tools: # ID声明,在配置管理高级状态中,这个ID必须唯一
file.directory: # State声明,也可以叫状态声明(新建一个新文件夹)
- user: root # 选项声明
- group: root
- mode: 755
- makedirs: True
keepalived-install: # ID声明的第二种写法也可以这么写,表明以下管理功能
file.managed: # 管理一个文件
- name: /application/tools/keepalived-1.2.1.tar.gz
- source: salt://keepalived/files/keepalived-1.2.1.tar.gz
- user: root
- group: root
- mode: 755
cmd.run: # 调用系统命令来执行解压和安装
- name: cd /application/tools/ && tar zxf keepalived-1.2.1.tar.gz && cd keepalived-1.2.1 && ./configure --prefix=/application/keepalived --disable-fwmark && make && make install
- unless: test -d /application/keepalived # unless作用是先决条件,如果这么文件夹存在就不再重复执行上面的make和make insall安装命令,节省时间
- require: # require是各ID之间的依赖,意思是只有keepalived-install下面的压缩包存在才会继续执行
- file: keepalived-install
|
上面的install.sls就是我们需要编辑的states SLS文件格式了,其中最主要的就是ID声明和状态声明,ID不能唯一,状态模块使用可以查看帮助文档,功能还是十分丰富和完善的 1
| https://www.unixhot.com/docs/saltstack/ref/states/all/index.html
|
3)执行配置管理安装keepalived 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [iyunv@saltstack-node1 keepalived]# salt '*' state.sls keepalived.install
...
Summary for saltstack-node2.lichengbing.com
------------
Succeeded: 3 (changed=1)
Failed: 0
------------
Total states run: 3
Total run time: 21.593 s
Summary for saltstack-node1.lichengbing.com
------------
Succeeded: 3 (changed=1)
Failed: 0
------------
Total states run: 3
Total run time: 22.882 s
|
到这里,我们远程配置批量安装keepalived就算完成了,接下来就是拷贝配置文件和启动服务
4)配置文件 因为Keepalived分为主、备节点,一些配置在主节点和备节点上是不同的。如果按照传统的配置管理下发配置文件是行不通的,因为所有的下发文件都是一样,让我们一台台去修改还是比较痛苦的,所以我们需要借用Jinja模板来帮助我们完成配置文件的管理,文章下面有Jinja模板的介绍 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| [iyunv@saltstack-node1 files]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
saltstack@example.com
}
notification_email_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}}
}
vrrp_instance haproxy_ha {
state {{STATEID}}
interface eth0
virtual_router_id 36
priority {{PRIORITYID}}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.184
}
}
|
配置正确的服务启动参数 1
2
3
4
5
6
7
8
9
10
11
12
13
14
| [iyunv@saltstack-node1 files]# vim keepalived.sysconfig
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D"
|
5)继续编写installer.sls文件,在后面添加 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
| [iyunv@saltstack-node1 keepalived]# vim install.sls
/etc/sysconfig/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.sysconfig
- mode: 644
- user: root
- group: root
/etc/init.d/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.init
- mode: 755
- user: root
- group: root
keepalived-init:
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list | grep keepalived
- require:
- file: /etc/init.d/keepalived
/etc/keepalived:
file.directory:
- user: root
- group: root
keepalived-server:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://keepalived/files/keepalived.conf
- mode: 644
- user: root
- group: root
- template: jinja
{% if grains['fqdn'] == 'saltstack-node1.lichengbing.com' %}
- ROUTEID: haproxy_ha
- STATEID: MASTER
- PRIORITYID: 150
{% elif grains['fqdn'] == 'saltstack-node2.lichengbing.com' %}
- ROUTEID: haproxy_ha
- STATEID: BACKUP
- PRIORITYID: 100
{% endif %}
service.running:
- name: keepalived
- enable: True
- watch:
- file: keepalived-server
|
6)启动文件 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
| [iyunv@saltstack-node1 files]# cat keepalived.init
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: - 21 79
# description: Start and stop Keepalived
# Source function library
. /etc/rc.d/init.d/functions
# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived
RETVAL=0
prog="keepalived"
start() {
echo -n $"Starting $prog: "
daemon /application/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS} #修改正确的启动地址
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}
stop() {
echo -n $"Stopping $prog: "
killproc keepalived
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}
reload() {
echo -n $"Reloading $prog: "
killproc keepalived -1
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
status)
status keepalived
RETVAL=$?
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
RETVAL=1
esac
exit $RETVAL
|
7)执行配置管理启动所有服务 1
| [iyunv@saltstack-node1 keepalived]# salt '*' state.sls keepalived.install
|
Jinja
Saltstack除了使用了YAML语言以外,我们还需要学习一点jinja语法知识,因为在配置管理中经常会用到,这也是saltstack能真正实现高度自动化配置的一个重要技能
Jinja是现代的,设计者友好的,仿照Django模板的Python模板语言,是基于pythonde 模板引擎,功能类似于PHP的smarty,J2EE的Freemarker,由于速度快,被广泛开发者接受并使用。
Jinja在saltstack中的作用
yaml_jinja工作流程是先用jinja2模板引擎处理SLS,然后再调用YAML解析器。所以在开始解析YAML之前,我们可以使用jinja干一些我们想干的事情,比如:定义一个类似变量或者表达式;模板引用
1)变量 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| [iyunv@saltstack-node1 keepalived]# vim install.sls #借配置管理的一个sls文件演示,有时候我们使用的源码包可能要换不一样的版本,一处处修改或者替换会出问题,这个定义变量的形式就比较方便了
{% set keepalived_tar = 'keeplived-1.2.17.tar.gz' %} # 用{%...%}符号定义
{% set keepalived_source = 'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz' %}
keepalived-install:
file.managed:
- name: /usr/local/src/{{ keepalived_tar }} # 这里用{{...}}引用
- source: {{ keepalived_source }}
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require:
- file: keepalived-install
|
2)模板引用 这里我们以keepalived自定义配置文件为例(keepalived的master和backup优先级还有routeid要单独指定),演示jinja在saltstack中的作用 我们以修改在进行配置模板引用的时候分三个步骤
a. 告诉模块,你使用的使用的是jinja模板 b. 你出你要的参数列表
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| [iyunv@linux-node2 cluster]# vim haproxy-outside-keepalived.sls
keepalived-server:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://cluster/files/haproxy-outside-keepalived.conf
- mode: 644
- user: root
- group: root
- template: jinja # 告诉模板文件,这是一个jinja模板
{% if grains['fqdn'] == 'saltstack-node1.lichengbing.cn' %} # 这里是借助grains自定义
如果hostname为saltstack-node1.lichengbing.cn的主机定义以下参数
- ROUTEID: haproxy_ha # 列出我们要自定义的参数
- STATEID: MASTER
- PRIORITYID: 150
{% elif grains['fqdn'] == 'saltstack-node2.lichengbing.cn' %}
- ROUTEID: haproxy_ha
- STATEID: BACKUP
- PRIORITYID: 100
{% endif %}
|
c. 最后再进行模板引用 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| [iyunv@linux-node2 files]# vim haproxy-outside-keepalived.conf
global_defs {
notification_email {
saltstack@example.com
}
notification_email_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}} # 引用定义好的参数ROUTEID
}
vrrp_instance haproxy_ha {
state {{STATEID}} # 引用定义好的参数STATEID
interface eth0
virtual_router_id 36
priority {{PRIORITYID}} # 引用定义好的参数PRIORITYI
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.179
}
}
|
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2016-10-9 09:42:24
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡