saltstack的深入-highstate试用

配置测试用途的salt-master服务，并在其他的测试机上配置salt-minion

一、基础环境
1、在tvm-rpm的基础上，更新hostname=tvm-saltmaster，配置salt-master服务。
2、网络：
eth0：host-only（用于虚拟内网，手动固定IP，这样从宿主机可以直接连接到这个vm）
eth1：NAT（用于上外网，动态IP）
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cat ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=192.168.56.253
PREFIX=24
GATEWAY=192.168.56.1
DNS1=192.168.56.254

[[email protected] network-scripts]# cat ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp
DNS1=192.168.56.254

二、配置saltstack环境
1、安装salt-master
[[email protected] ~]# yum -y install salt-master
[[email protected] ~]# service salt-master start
防火墙放行TCP端口：4505:4506

2、更新dns服务器（tvm-yum）的解析
[[email protected] ~]# echo ‘192.168.56.253 salt-m.office.test‘ >>/etc/hosts
[[email protected] ~]# service dnsmasq restart
[[email protected] ~]# nslookup salt-m.office.test 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   salt-m.office.test
Address: 192.168.56.253

3、配置salt-minion
将tvm-yum，tvm-cobbler加入salt平台
[[email protected] bin]# cat saltstack-install-minion.sh 
#!/bin/bash
#
# 2015/7/20

salt_m=salt-m.office.test
yum install salt-minion -y

cp -a /etc/salt/minion /etc/salt/minion.bak
cat <<_EOF >/etc/salt/minion
master: ${salt_m}
id: $(hostname)

_EOF

service salt-minion start
cat /etc/salt/minion

4. 在salt-master上接受salt-minion的key
[[email protected] ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
tvm-cobbler
tvm-test
tvm-yum
Rejected Keys:
[[email protected] ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
tvm-cobbler
tvm-test
tvm-yum
Proceed? [n/Y] y
Key for minion tvm-cobbler accepted.
Key for minion tvm-test accepted.
Key for minion tvm-yum accepted.

测试：
[[email protected] ~]# salt ‘tvm*‘ test.ping
tvm-yum:
    True
tvm-cobbler:
    True
tvm-test:
    True

三、一个示例
[[email protected] salt]# cd /srv/salt/
1、更新salt-master的配置，调整file_roots：
[[email protected] salt]# mkdir /etc/salt/master.d/
[[email protected] salt]# cat /etc/salt/master.d/file_roots.conf
# Master file_roots configuration:
file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev
  qa:
    - /srv/salt/qa
  prod:
    - /srv/salt/prod
[[email protected] salt]# mkdir /srv/salt/{base,dev,qa,prod}/ -p
[[email protected] salt]# service salt-master restart

这样做的目的是：
将state trees 分别放入 dev, qa 和 prod 环境, 留下base环境提供通用的文件传输，此时前面3个环境的top.sls文件分别是类似这样的：
dev:
  ‘webserver*dev*‘:
    - webserver
  ‘db*dev*‘:
    - db
qa:
  ‘webserver*qa*‘:
    - webserver
  ‘db*qa*‘:
    - db
prod:
  ‘webserver*prod*‘:
    - webserver
  ‘db*prod*‘:
    - db

2、具体的测试工作
[[email protected] salt]# tree /srv/salt/
/srv/salt/
├── base
│   ├── monit
│   │   ├── init.sls
│   │   └── monit.d
│   │       ├── monit-mail.conf
│   │       └── salt-minion.conf
│   ├── salt
│   │   └── minion.sls
│   ├── top.sls
│   └── vim
│       ├── init.sls
│       └── vimrc
├── dev
│   ├── top.sls
│   └── web.sls
├── prod
│   ├── top.sls
│   └── web.sls
└── qa
    ├── dns
    │   ├── init.sls
    │   └── resolv.conf
    └── top.sls

9 directories, 14 files

1）首先我们看看base的配置
================------------------------==============base
[[email protected] salt]# cat base/top.sls
base:
    ‘*‘:
        - vim
        - monit
        - salt.minion
===================================================vim
[[email protected] salt]# cat base/vim/init.sls 
vim:
    pkg:
        - installed
        - name: {{ pillar[‘pkgs‘][‘vim‘] }}

/root/.vimrc:
    file.managed:
        - source: salt://vim/vimrc
        - require:
            - pkg: vim

对应的pillar是这样的：
=-------------------------------------------------=pillar
[[email protected] salt]# tree /srv/pillar/
/srv/pillar/
├── pkg
│   └── init.sls
└── top.sls

1 directory, 2 files     
[[email protected] salt]# cat /srv/pillar/top.sls 
base:
    ‘*‘:
        - pkg
[[email protected] salt]# cat /srv/pillar/pkg/init.sls 
pkgs:
    {% if grains[‘os_family‘] == ‘RedHat‘ %}
    vim: vim-enhanced
    {% elif grains[‘os_family‘] == ‘Debian‘ %}
    vim: vim
    {% elif grains[‘os‘] == ‘Arch‘ %}
    vim: vim
    {% endif %}
=-------------------------------------------------=pillar end
===================================================vim end
===================================================salt
[[email protected] salt]# cat base/salt/minion.sls 
salt-minion:
    pkg:
        - installed
    service:
        - running
===================================================salt end
===================================================monit
[[email protected] salt]# cat base/monit/init.sls 
monit:
    pkg:
        - installed
    service:
        - running

/etc/monit.d/monit-mail.conf:
    file.managed:
        - source: salt://monit/monit.d/monit-mail.conf
        - require:
            - pkg: monit

/etc/monit.d/salt-minion.conf:
    file.managed:
        - source: salt://monit/monit.d/salt-minion.conf
        - require:
            - pkg: monit
            - pkg: salt-minion
===================================================monit end
================------------------------==============base end
2）接着我们看其他几个环境的。
================------------------------==============dev, prod, qa
[[email protected] salt]# cat dev/top.sls
dev:
    ‘tvm-yum‘:
        - web
[[email protected] salt]# cat dev/web.sls 
httpd:
    pkg:
        - installed
[[email protected] salt]# cat prod/top.sls
prod:
    ‘tvm-cobbler‘:
        - web
[[email protected] salt]# cat prod/web.sls 
httpd:
    pkg:
        - installed
[[email protected] salt]# cat qa/top.sls 
qa:
    ‘tvm-test‘:
        - dns
[[email protected] salt]# cat qa/dns/init.sls 
/etc/resolv.conf:
    file.managed:
        - source: salt://dns/resolv.conf
[[email protected] salt]# cat qa/dns/resolv.conf 
================------------------------==============dev, prod, qa end

上述分别测试了以下内容：
所有对象，安装和运行vim，salt-minion，monit服务，并同步这些服务的相关配置。
针对指定的对象，安装httpd服务，或者更新dns的配置。

3、测试执行
[[email protected]ter salt]# salt ‘*‘ state.highstate test=True
tvm-test:
----------
          ID: /etc/resolv.conf
    Function: file.managed
      Result: None
     Comment: The file /etc/resolv.conf is set to be changed
     Started: 18:38:52.935362
    Duration: 3.926 ms
     Changes:   
              ----------
              diff:
                  ---  
                  +++  
                  @@ -1,2 +1,1 @@
                  -# Generated by NetworkManager
                   nameserver 192.168.56.254
----------
          ID: vim
    Function: pkg.installed
        Name: vim-enhanced
      Result: True
     Comment: Package vim-enhanced is already installed.
     Started: 18:38:52.939421
    Duration: 390.634 ms
     Changes:   
----------
          ID: /root/.vimrc
    Function: file.managed
      Result: None
     Comment: The file /root/.vimrc is set to be changed
     Started: 18:38:53.332316
    Duration: 2.383 ms
     Changes:   
              ----------
              newfile:
                  /root/.vimrc
----------
          ID: monit
    Function: pkg.installed
      Result: True
     Comment: Package monit is already installed.
     Started: 18:38:53.334811
    Duration: 0.519 ms
     Changes:   
----------
          ID: monit
    Function: service.running
      Result: None
     Comment: Service monit is set to start
     Started: 18:38:53.338162
    Duration: 29.414 ms
     Changes:   
----------
          ID: /etc/monit.d/monit-mail.conf
    Function: file.managed
      Result: None
     Comment: The file /etc/monit.d/monit-mail.conf is set to be changed
     Started: 18:38:53.371167
    Duration: 2.493 ms
     Changes:   
              ----------
              newfile:
                  /etc/monit.d/monit-mail.conf
----------
          ID: salt-minion
    Function: pkg.installed
      Result: True
     Comment: Package salt-minion is already installed.
     Started: 18:38:53.377105
    Duration: 0.628 ms
     Changes:   
----------
          ID: /etc/monit.d/salt-minion.conf
    Function: file.managed
      Result: None
     Comment: The file /etc/monit.d/salt-minion.conf is set to be changed
     Started: 18:38:53.380510
    Duration: 1.507 ms
     Changes:   
              ----------
              newfile:
                  /etc/monit.d/salt-minion.conf
----------
          ID: salt-minion
    Function: service.running
      Result: True
     Comment: The service salt-minion is already running
     Started: 18:38:53.383522
    Duration: 17.01 ms
     Changes:   

Summary
------------
Succeeded: 9 (unchanged=5, changed=4)
Failed:    0
------------
Total states run:     9
tvm-yum:
----------
          ID: vim
    Function: pkg.installed
        Name: vim-enhanced
      Result: True
     Comment: Package vim-enhanced is already installed.
     Started: 18:38:52.997489
    Duration: 543.976 ms
     Changes:   
----------
          ID: /root/.vimrc
    Function: file.managed
      Result: None
     Comment: The file /root/.vimrc is set to be changed
     Started: 18:38:53.585168
    Duration: 3.526 ms
     Changes:   
              ----------
              diff:
                  ---  
                  +++  
                  @@ -36,7 +36,7 @@
                   call append(line("."), "\# ")
                   call append(line(".")+1, "")
                   else
                  -call setline(1, "\#!/usr/local/bin/python3")
                  +call setline(1, "\#!/bin/env python")
                   call append(line("."), "\# ")     
                   call append(line(".")+1, "")
                   endif
----------
          ID: monit
    Function: pkg.installed
      Result: True
     Comment: Package monit is already installed.
     Started: 18:38:53.588771
    Duration: 0.4 ms
     Changes:   
----------
          ID: monit
    Function: service.running
      Result: None
     Comment: Service monit is set to start
     Started: 18:38:53.590614
    Duration: 45.839 ms
     Changes:   
----------
          ID: /etc/monit.d/monit-mail.conf
    Function: file.managed
      Result: None
     Comment: The file /etc/monit.d/monit-mail.conf is set to be changed
     Started: 18:38:53.638343
    Duration: 2.308 ms
     Changes:   
              ----------
              newfile:
                  /etc/monit.d/monit-mail.conf
----------
          ID: salt-minion
    Function: pkg.installed
      Result: True
     Comment: Package salt-minion is already installed.
     Started: 18:38:53.642663
    Duration: 0.421 ms
     Changes:   
----------
          ID: /etc/monit.d/salt-minion.conf
    Function: file.managed
      Result: None
     Comment: The file /etc/monit.d/salt-minion.conf is set to be changed
     Started: 18:38:53.644675
    Duration: 1.788 ms
     Changes:   
              ----------
              newfile:
                  /etc/monit.d/salt-minion.conf
----------
          ID: salt-minion
    Function: service.running
      Result: True
     Comment: The service salt-minion is already running
     Started: 18:38:53.648015
    Duration: 19.282 ms
     Changes:   
----------
          ID: httpd
    Function: pkg.installed
      Result: True
     Comment: Package httpd is already installed.
     Started: 18:38:53.667560
    Duration: 0.693 ms
     Changes:   

Summary
------------
Succeeded: 9 (unchanged=4, changed=3)
Failed:    0
------------
Total states run:     9
tvm-cobbler:
----------
          ID: vim
    Function: pkg.installed
        Name: vim-enhanced
      Result: True
     Comment: Package vim-enhanced is already installed.
     Started: 18:38:52.975341
    Duration: 539.106 ms
     Changes:   
----------
          ID: /root/.vimrc
    Function: file.managed
      Result: None
     Comment: The file /root/.vimrc is set to be changed
     Started: 18:38:53.563618
    Duration: 2.315 ms
     Changes:   
              ----------
              newfile:
                  /root/.vimrc
----------
          ID: monit
    Function: pkg.installed
      Result: None
     Comment: The following packages are set to be installed/updated: monit
     Started: 18:38:53.566013
    Duration: 1348.534 ms
     Changes:   
----------
          ID: monit
    Function: service.running
      Result: False
     Comment: The named service monit is not available
     Started: 18:38:54.916384
    Duration: 15.674 ms
     Changes:   
----------
          ID: /etc/monit.d/monit-mail.conf
    Function: file.managed
      Result: None
     Comment: The file /etc/monit.d/monit-mail.conf is set to be changed
     Started: 18:38:54.933968
    Duration: 2.129 ms
     Changes:   
              ----------
              newfile:
                  /etc/monit.d/monit-mail.conf
----------
          ID: salt-minion
    Function: pkg.installed
      Result: True
     Comment: Package salt-minion is already installed.
     Started: 18:38:54.938502
    Duration: 0.409 ms
     Changes:   
----------
          ID: /etc/monit.d/salt-minion.conf
    Function: file.managed
      Result: None
     Comment: The file /etc/monit.d/salt-minion.conf is set to be changed
     Started: 18:38:54.940479
    Duration: 1.426 ms
     Changes:   
              ----------
              newfile:
                  /etc/monit.d/salt-minion.conf
----------
          ID: salt-minion
    Function: service.running
      Result: True
     Comment: The service salt-minion is already running
     Started: 18:38:54.943468
    Duration: 14.437 ms
     Changes:   
----------
          ID: httpd
    Function: pkg.installed
      Result: True
     Comment: Package httpd is already installed.
     Started: 18:38:54.958084
    Duration: 0.562 ms
     Changes:   

Summary
------------
Succeeded: 8 (unchanged=4, changed=3)
Failed:    1
------------
Total states run:     9

4、执行
[[email protected] salt]# salt ‘*‘ state.highstate 

ZYXW、参考
1、doc
http://docs.saltstack.com/en/latest/ref/states/top.html