超哥 SaltStack配置管理–状态间的关系
文章目录
[隐藏]
- 1、include的引用
- 2、extend的使用
- 3、require和require_in的使用
- 4、watch和watch_in的使用
- 5、unless:状态间的条件判断
1、include的引用
需求场景:用于含有多个SLS的状态,使用include可以进行多个状态的组合
[root@linux-node1 prod]# pwd /srv/salt/prod [root@linux-node1 prod]# vim lamp.sls include: - apache.init - php.init - mysql.init [root@linux-node1 prod]# vim ../base/top.sls prod: 'linux-node1.example.com': - lamp [root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate linux-node1.example.com: ---------- ID: apache-install Function: pkg.installed Name: httpd Result: True Comment: All specified packages are already installed Started: 09:29:20.324067 Duration: 984.864 ms Changes: ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf is in the correct state Started: 09:29:21.311111 Duration: 50.95 ms Changes: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: The service httpd is already running Started: 09:29:21.362769 Duration: 52.404 ms Changes: ---------- ID: php-install Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 09:29:21.415555 Duration: 0.693 ms Changes: ---------- ID: php-config Function: file.managed Name: /etc/php.ini Result: True Comment: File /etc/php.ini is in the correct state Started: 09:29:21.416438 Duration: 15.578 ms Changes: ---------- ID: mysql-install Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 09:29:21.432162 Duration: 0.542 ms Changes: ---------- ID: mysql-config Function: file.managed Name: /etc/my.cnf Result: True Comment: File /etc/my.cnf is in the correct state Started: 09:29:21.432807 Duration: 38.858 ms Changes: ---------- ID: mysql-service Function: service.running Name: mariadb Result: True Comment: The service mariadb is already running Started: 09:29:21.471799 Duration: 38.431 ms Changes: Summary for linux-node1.example.com ------------ Succeeded: 8 Failed: 0 ------------ Total states run: 8 Total run time: 1.182 s 2、extend的使用
需求场景:软件包安装的时候,需求假设:只在node1上按装php-mbstring包,其他的机器不安装。
[root@linux-node1 prod]# pwd /srv/salt/prod [root@linux-node1 prod]# vim lamp.sls include: - apache.init - php.init - mysql.init extend: php-install: pkg.installed: - name: php-mbstring [root@linux-node1 prod]# salt -S "192.168.56.11" state.highstate 3、require和require_in的使用
require:我依赖谁
require_in:我被谁依赖
需求场景:如果安装不成功或者配置httpd不成功,不启动httpd
(1)require使用 [root@linux-node1 apache]# pwd /srv/salt/prod/apache [root@linux-node1 apache]# systemctl stop httpd [root@linux-node1 apache]# vim init_require.sls apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd1.conf----->将此处的文件改错,模拟配置错误 - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - require:---------------------------->使用require,表示依赖 - pkg: apache-install--------------->依赖的状态模块为pkg模块,id为apache-install - file: apache-config--------------->依赖的状态模块为file模块,id为apache-config [root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate #执行模块提示会有报错,此时httpd不会正常启动 ...... ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: False Comment: Source file salt://apache/files/httpd1.conf not found Started: 09:48:33.459243 Duration: 40.414 ms Changes: ---------- ID: apache-service Function: service.running Name: httpd Result: False Comment: One or more requisite failed: apache.init.apache-config Changes: ---------- ...... Summary for linux-node1.example.com ------------ Succeeded: 6 Failed: 2 ------------ Total states run: 8 Total run time: 1.110 s [root@linux-node1 apache]# systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: inactive (dead) since Sat 2018-01-20 09:44:04 CST; 4min 59s ago Docs: man:httpd(8) man:apachectl(8) Process: 65439 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS) Main PID: 1025 (code=exited, status=0/SUCCESS) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" Jan 17 10:41:59 linux-node1 systemd[1]: Starting The Apache HTTP Server... Jan 17 10:42:02 linux-node1 systemd[1]: Started The Apache HTTP Server. Jan 18 03:49:02 linux-node1 systemd[1]: Reloaded The Apache HTTP Server. Jan 20 09:43:53 linux-node1 systemd[1]: Stopping The Apache HTTP Server... Jan 20 09:44:04 linux-node1 systemd[1]: Stopped The Apache HTTP Server. (2)require_in使用 [root@linux-node1 apache]# vim init_require_in.sls apache-install: pkg.installed: - name: httpd - require_in:------------------>被依赖 - service: apache-service---->被依赖的模块是service,id为apache-service apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 - require_in: - service: apache-service apache-service: service.running: - name: httpd - enable: True 解释说明:require和require_in都能实现依赖的功能,主动和被动的关系不同 4、watch和watch_in的使用
需求场景:监控配置文件变动,重启服务或重载服务
[root@linux-node1 apache]# pwd /srv/salt/prod/apache [root@linux-node1 apache]# vim init_watch.sls apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - watch:---------------------->使用watch - file: apache-config------->监控的模块为file,id为apache-config [root@linux-node1 apache]# vim files/httpd.conf #随意修改配置文件 [root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate ...... ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf updated Started: 10:07:14.430189 Duration: 55.133 ms Changes: ---------- diff: --- +++ @@ -1,4 +1,5 @@ # +#hahahaaha--------------->检测到配置文件增加的内容 #hahahaaha # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service restarted---------------------->将服务重启 Started: 10:07:14.533852 Duration: 1219.798 ms Changes: ---------- httpd: True ...... #增加reload参数,让服务重载 [root@linux-node1 apache]# vim init_watch.sls apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - reload: True----------------------------------->增加参数重载 - watch: - file: apache-config [root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate ---------- ID: apache-config Function: file.managed Name: /etc/httpd/conf/httpd.conf Result: True Comment: File /etc/httpd/conf/httpd.conf updated------>检测文件有变化 Started: 10:10:08.493557 Duration: 53.016 ms Changes: ---------- diff: --- +++ @@ -1,4 +1,5 @@ # +#hahahaaha #hahahaaha #hahahaaha # This is the main Apache HTTP server configuration file. It contains the ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service reloaded---------------->服务重载 Started: 10:10:08.596434 Duration: 158.753 ms Changes: ---------- httpd: True ---------- #watch_in的使用和require_in是一样的 5、unless:状态间的条件判断
需求场景:给apache的admin目录进行加密登陆查看
(1)修改配置文件,添加认证功能 [root@linux-node1 apache]# vim files/httpd.conf <Directory "/var/www/html/admin"> AllowOverride All Order allow,deny Allow from all AuthType Basic AuthName "haha" AuthUserFile /etc/httpd/conf/htpasswd_file Require user admin </Directory> (2)修改状态文件init.sls [root@linux-node1 apache]# vim init.sls apache-install: pkg.installed: - name: httpd apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 apache-auth: pkg.installed: - name: httpd-tools cmd.run:------>使用cmd模块的run方法 - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin---->生成密码文件 - unless: test -f /etc/httpd/conf/htpasswd_file---->unless判断条件,test -f判断为假则执行。即htpasswd文件如果不存在就执行生成密码 apache-service: service.running: - name: httpd - enable: True - reload: True - watch: - file: apache-config [root@linux-node1 apache]# salt -S "192.168.56.11" state.highstate ...... ---------- ID: apache-auth Function: cmd.run Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin Result: True Comment: Command "htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin" run Started: 10:34:54.930867 Duration: 48.152 ms Changes: ---------- pid: 4166 retcode: 0 stderr: Adding password for user admin stdout: ---------- ID: apache-service Function: service.running Name: httpd Result: True Comment: Service reloaded Started: 10:34:55.014468 Duration: 162.844 ms Changes: ---------- httpd: True ...... 浏览器访问192.168.56.11/admin/index.html会出现密码验证
原文出处:51cto -> http://blog.51cto.com/jinlong/2063206
本站所发布的一切资源仅限用于学习和研究目的;不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。本站信息来自网络,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑中彻底删除上述内容。如果您喜欢该程序,请支持正版软件,购买注册,得到更好的正版服务。如果侵犯你的利益,请发送邮箱到 [email protected],我们会很快的为您处理。
