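Remote execution modules run procedurally, whereas a state is a description and definition of a minion. Administrators do not care how a deployment task is carried out; they only need to describe the state the minion should be in.
The core of it is writing sls (SaLt State file) files. sls files use YAML by default and are rendered with Jinja templates by default. Jinja is a language derived from Django's template language; it is simple yet powerful and supports loops and conditionals such as for and if. Salt states are mainly used to describe the state of systems, software, services, and configuration files, which is usually called configuration management. It is also the second major function of SaltStack.
States, pillar, and the top file are usually written as sls files. State files live in /srv/salt by default; the location depends on the file_roots setting in your master configuration file.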
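YAML uses a fixed indentation scheme to represent the relationships between data layers
Salt requires each indentation level to consist of exactly two spaces
Dashes denote items in a list
Key-value pairs are written as key: value
Notes:
1. There are two ways to write a key-value pair
a. By indentation
key:
  value
b. key: value
This gives rise to two formats:
install man:
  pkg.installed:
    - pkgs:
      - man
      - lrzsz
or
install man:
  pkg:
    - installed
    - pkgs:
      - man
      - lrzsz
For the common Salt states, see the official documentation: http://docs.saltstack.cn/ref/states/all/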
[root@Management-Machine-140 salt]# cat install-man.sls
install-man:
  pkg.installed:
    - pkgs:
      - man
# Run the state file salt://install-man or salt://install-man/init.sls
# When running several state files, separate them with commas
[root@Management-Machine-140 salt]# salt '136' state.apply install-man
136:
    ----------
    pkg_|-install-man_|-install-man_|-installed:
        ----------
        __run_num__:
            0
        changes:
            ----------
        comment:
            All specified packages are already installed.
        duration:
            486.575
        name:
            man
        result:
            True
        start_time:
            12:37:11.724423
[root@Management-Machine-140 salt]# salt '136' state.sls install-man
136:
----------
          ID: install-man
    Function: pkg.installed
      Result: True
     Comment: The following packages were installed/updated: man
     Started: 12:37:58.908953
    Duration: 14618.591 ms
     Changes:
              ----------
              man:
                  ----------
                  new:
                      1.6f-39.el6
                  old:
Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
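Introduction to the SaltStack state execution module:
1. state.apply caches the high data on the minion (high data are the blocks that make up sls files; several sls files used together through one environment in the top.sls file make up the highstate).
state.apply calls either state.highstate or state.sls, depending on the arguments that follow. There are two cases:
a. salt '*' state.apply runs the top.sls state file.
b. salt '*' state.apply install-man runs salt://install-man or salt://install-man/init.sls
2. When state.highstate is executed, Salt automatically compiles all sls files in top.sls into a single definition, called the highstate.
3. state.sls runs one or more sls files.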
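How the name given to state.apply or state.sls maps to a file under file_roots, as an added example that is not Salt's own code: it models the lookup described above (`<name>.sls` first, then `<name>/init.sls`, with dots in the name treated as directories). The helper names and the temporary file tree are hypothetical and constructed for the demonstration.

```python
import os
import tempfile

def sls_candidates(name):
    """Relative paths tried for an sls name; dots in the name become directories."""
    rel = name.replace(".", "/")
    return [rel + ".sls", rel + "/init.sls"]

def resolve_sls(name, file_roots):
    """First existing candidate for `name`; <name>.sls wins over <name>/init.sls."""
    for rel in sls_candidates(name):
        for root in file_roots:
            path = os.path.join(root, rel)
            if os.path.isfile(path):
                return path
    return None

def dispatch(mods=None):
    """Model of state.apply: no argument -> highstate, otherwise state.sls per name."""
    if not mods:
        return "state.highstate", []      # the sls list then comes from top.sls
    return "state.sls", [m.strip() for m in mods.split(",") if m.strip()]

def demo():
    root = tempfile.mkdtemp()             # constructed stand-in for /srv/salt
    os.makedirs(os.path.join(root, "host_file"))
    for rel in ("install-man.sls", "host_file.sls", "host_file/init.sls"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("# constructed sample\n")
    func, names = dispatch("install-man,host_file,missing")
    return root, func, {n: resolve_sls(n, [root]) for n in names}

if __name__ == "__main__":
    root, func, resolved = demo()
    print(func)
    for name, path in resolved.items():
        print(name, "->", path)
```

When reviewing what a minion will actually apply, check both candidate paths: a stray `<name>.sls` silently shadows `<name>/init.sls`.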
Common state modules:
1. The file state module: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
a. file.managed distributes a file. managed takes many parameters, including source, name (absolute path), user, group, and mode
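/etc/hosts:
  file.managed:
    - name: /data/backup/hosts
    - source:    # may be salt:// on the master, may be salt:// on the minion, or may also be
      - salt://files/hosts    # several sources may be configured, but only one takes effect; once the first one works, the later sources are ignored
    - user: root
    - group: root
    - mode: 644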
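If the configuration file is written as a template that uses grains/pillar, the template parameter must be specified so that the file is rendered dynamically when it is distributed.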
The configuration file contents are as follows:
[root@Management-Machine-140 salt]# cat files/test.j2
{% if grains['num_cpus'] >= '8' %}
cpu-num = {{ grains['num_cpus'] }}
{% elif grains['mem_total'] >= '1024' %}
total_mem = {{ grains['mem_total'] }}
{% elif grains['id'] == '136' %}
this is test for template.
{% endif %}
[root@Management-Machine-140 salt]#
[root@Management-Machine-140 salt]# cat host_file.sls    # template not specified
/tmp/aa.log:
  file.managed:
    - source:
      - salt://files/test.j2
      - salt://files/hosts1
#    - name: /tmp/aa.log
    - user: root
    - group: root
    - mode: 644
[root@Management-Machine-140 salt]# salt '136' state.sls host_file
[root@WebA-136 base]# cat /tmp/aa.log    # file contents shown on client 136:
{% if grains['num_cpus'] >= '8' %}
cpu-num = {{ grains['num_cpus'] }}
{% elif grains['mem_total'] >= '1024' %}
total_mem = {{ grains['mem_total'] }}
{% elif grains['id'] == '136' %}
this is test for template.
{% endif %}
[root@Management-Machine-140 salt]# cat host_file.sls    # template specified
/tmp/aa.log:
  file.managed:
    - source:
      - salt://files/test.j2
      - salt://files/hosts1
#    - name: /tmp/aa.log
    - user: root
    - group: root
    - mode: 644
    - template: jinja
[root@WebA-136 base]# cat /tmp/aa.log
this is test for template.
[root@WebA-136 base]#
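Notes:
1. Using the name parameter: the official documentation describes it as "The location of the file to manage, as an absolute path." This parameter can be omitted; every sls file has a default parameter, name, which is the unique ID of the sls declaration.
2. source can list two sources, but only one takes effect.
3. If the managed file does not exist on the target, it is created and the content is written.
b. file.directory creates or manages a directory
Parameters: name, user, group, dir_mode, file_mode, recurse (recursively applies ownership and permissions, monitored by the Salt process; may include user, group, dir_mode, file_mode)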
[root@Management-Machine-140 salt]# cat directory-test.sls
create-directory:
  file.directory:
    - name: /data/directory-140/
    - user: one
    - group: one
    - dir_mode: 711
    - file_mode: 611
    - recurse:
      - user
      - group
      - mode
Note
1. Directories cannot be created recursively.
c. file.symlink creates a symbolic link
symlink-test:
  file.symlink:
    - name: /data/test.symlink    # the symbolic link
    - target: /srv/salt/files/aa.log    # the link target
[root@WebA-136 data]# ls -l test.symlink
lrwxrwxrwx. 1 root root 22 11月 16 12:05 test.symlink -> /srv/salt/files/aa.log
[root@WebA-136 data]#
d. file.recurse distributes a directory recursively
[root@Management-Machine-140 salt]# vim recurse-test.sls
test-recurse:
  file.recurse:
    - name: /data/
    - source: salt://recurse
    - user: root
    - group: root
    - dir_mode: 755
    - file_mode: 611
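2. The pkg state module, official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
a. pkg.installed: parameters are name (install a single package) and pkgs/sources (install several packages); skip_verify=True skips GPG verification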
[root@Management-Machine-140 salt]# cat install-man.sls
install man:
  pkg.installed:
    {% if grains['id'] == '136' %}
    - pkgs:
      - man
      - lrzsz
    {% endif %}
[root@Management-Machine-140 salt]# salt '136' state.sls install-man
136:
    ----------
    pkg_|-install man_|-install man_|-installed:
        ----------
        __run_num__:
            0
        changes:
            ----------
            lrzsz:
                ----------
                new:
                    0.12.20-27.1.el6
                old:
            man:
                ----------
                new:
                    1.6f-39.el6
                old:
        comment:
            The following packages were installed/updated: lrzsz, man
        duration:
            5869.586
        name:
            install man
        result:
            True
        start_time:
            14:16:10.032028
[root@Management-Machine-140 salt]#
mypkgs:
  pkg.installed:
    - sources:
      - foo: salt://rpms/foo.rpm
      - bar: http://somesite.org/bar.rpm
      - baz: ftp://someothersite.org/baz.rpm
      - qux: /minion/path/to/qux.rpm
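Note: 1. A version number can be appended after the package name to install a specific version
3. The service state module, official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html
a. service.running (ensures the service is running); optional parameters are name and enable (True, False)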
[root@Management-Machine-140 salt]# cat service-running.sls
service-running:
  service.running:
    - name: crond
[root@Management-Machine-140 salt]# salt '136' state.sls service-running
136:
    ----------
    service_|-service-running_|-crond_|-running:
        ----------
        __run_num__:
            0
        changes:
            ----------
        comment:
            The service crond is already running
        duration:
            29.927
        name:
            crond
        result:
            True
        start_time:
            15:58:14.902921
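Note
1. A watch parameter can be added so that the service is restarted if the configuration file changes.
b. service.dead; optional parameters are name and enable (True, False)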
[root@Management-Machine-140 salt]# cat service-dead.sls
service-dead:
  service.dead:
    - name: crond
    - enable: True
[root@Management-Machine-140 salt]# salt '136' state.sls service-dead
136:
    ----------
    service_|-service-dead_|-crond_|-dead:
        ----------
        __run_num__:
            0
        changes:
            ----------
            crond:
                True
        comment:
            Service crond was killed
        duration:
            153.498
        name:
            crond
        result:
            True
        start_time:
            15:51:21.887717
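4. The cron state module, official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cron.html
Manages cron scheduling in Salt. The parameters are minute, hour, daymonth, month, and dayweek. * means any time.
a. cron.present creates a crontab entry for the specified user; parameters are name (the command), user, minute, hour, daymonth, month, dayweek
b. cron.absent removes the specified crontab entry; parameters are name (the command) and user.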
[root@Management-Machine-140 salt]# cat cron-*
cron-absent:
  cron.absent:
    - name: /usr/sbin/ntpdate ntp1.aliyun.com
    - user: root
cron-present:
  cron.present:
    - user: root
    - name: /usr/sbin/ntpdate ntp1.aliyun.com
    - minute: '*/1'
[root@Management-Machine-140 salt]#
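5. The user state module, official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html
a. user.absent deletes a user. The name parameter specifies the user name, purge deletes all of the user's files, and force forces the deletion even if the user is logged in.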
[root@Management-Machine-140 salt]# cat user-absent.sls
user-absent:
  user.absent:
    - name: yang1
    - purge: True    # not recommended
    - force: True    # not supported on FreeBSD and Solaris
[root@Management-Machine-140 salt]# salt '136' state.sls user-absent
136:
    ----------
    user_|-user-absent_|-yang1_|-absent:
        ----------
        __run_num__:
            0
        changes:
            ----------
            yang1:
                removed
            yang1 group:
                removed
        comment:
            Removed user yang1
        duration:
            140.084
        name:
            yang1
        result:
            True
        start_time:
            17:59:12.573481
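b. user.present. Parameters: name (name of the user to add), uid (specify the uid), gid_from_name (True sets the group to the one with the same name as name), gid (specify the gid), groups (groups to add the user to, as a list), optional_groups (groups to add the user to), remove_groups (remove the user from groups), home (specify the home directory; it does not have to exist, and by default the system creates it), createhome (if False, the home directory is not created), nologinit (the user is not added to the lastlog and faillog databases), shell (specify the shell), system (True, False), password (specify the password), date (date of the last password change), mindays (minimum number of days between password changes), maxdays (maximum number of days between password changes), inactdays (number of days before the password is locked), warndays (number of days of warning before expiry), expire (expiry date). ----------- Important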
user-present:
  user.present:
    - name: lisan
    - uid: 1666
    - gid: 1667
    - gid_from_name: True
    - groups:
      - yanghaifu
      - yanghaifu1
    - home: /home/lisan
    - createhome: True
    - shell: /bin/bash
    - system: False
    - password: "123456"
    - expire: 100
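A small review check for two settings shown on this page, skip_verify under pkg.installed and a literal password under user.present, as an added example that is not part of the original page or of Salt. Salt's user.present treats password as a password hash unless hash_password is set, so a value such as "123456" is worth flagging; the world-writable mode rule, the function name lint_sls and the sample text are assumptions constructed for the demonstration.

```python
import re

# Constructed sample in the style of the states on this page.
SAMPLE_SLS = """\
user-present:
  user.present:
    - name: lisan
    - password: "123456"
mypkgs:
  pkg.installed:
    - name: man
    - skip_verify: True
/tmp/aa.log:
  file.managed:
    - mode: 666
svc-user:
  user.present:
    - name: deploy
    - password: "$6$constructedsalt$constructedhash"
"""

STATE_FUNC = re.compile(r"^\s{2}([a-z_]+\.[a-z_]+):\s*$")   # dotted form only
KV = re.compile(r"^\s*-\s*([A-Za-z_]+):\s*(.*?)\s*$")
CRYPT_HASH = re.compile(r"^\$[0-9a-z]+\$")                  # e.g. $6$ for SHA-512 crypt
MODE = re.compile(r"^[0-7]{3,4}$")

def lint_sls(text):
    """Return (line_no, state_function, message) for each risky setting found."""
    findings, func = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = STATE_FUNC.match(line)
        if m:
            func = m.group(1)
            continue
        m = KV.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip("'\"")
        if func == "pkg.installed" and key == "skip_verify" and val.lower() == "true":
            findings.append((no, func, "GPG verification of packages is skipped"))
        elif func == "user.present" and key == "password" and not CRYPT_HASH.match(val):
            findings.append((no, func, "password is not a crypt-style hash"))
        elif key in ("mode", "file_mode", "dir_mode") and MODE.match(val) \
                and int(val, 8) & 0o002:
            findings.append((no, func, "mode %s is world-writable" % val))
    return findings

if __name__ == "__main__":
    for finding in lint_sls(SAMPLE_SLS):
        print("line %d [%s]: %s" % finding)
```

The check is line-based and recognises only the `module.function:` form, so it suits a pre-commit review of state files rather than a full YAML/Jinja render.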
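6. The group state module creates and manages groups, official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.group.html
a. group.absent deletes a group. Only empty groups, which no user is using, can be deleted. It takes a single parameter, name.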
group-absent:
  group.absent:
    - name: tes
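7. group.present creates or modifies a group. Parameters: name (group name), gid (specify the gid), system (True, False; whether it is a system group), addusers (list of members to add; may be used together with delusers as long as no member appears in both, and cannot be used together with members), delusers (list of members to remove; may be used together with addusers as long as no member appears in both, and cannot be used together with members), members (replaces the old member list with a new member list)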
[root@Management-Machine-140 salt]# cat group-present.sls
group-present:
  group.present:
    - name: yan
    - gid: 6661
    - addusers:
      - ma
    - delusers:
      - yan
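8. The mount state module, official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.mount.html
a. mount.mounted. Parameters: name (mount path), device (name of the device to mount), fstype (specify the filesystem type), mkmnt (False: fail if the mount point does not exist; True: create the mount point if it does not exist), opts (mount options, as a list or separated by commas), dump (whether to back up, default 0), pass_num (whether to check the disk, default 0), config (alternative configuration file, default /etc/fstab), persist (save the mount in /etc/fstab, default True), mount (whether to mount immediately, default True), user (the user allowed to perform the mount)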
[root@Management-Machine-140 salt]# salt '136' state.sls mount-mounted
136:
    ----------
    mount_|-mount-mounted_|-/mnt_|-mounted:
        ----------
        __run_num__:
            0
        changes:
            ----------
            mount:
                True
            persist:
                new
        comment:
            Target was successfully mounted. Added new entry to the fstab.
        duration:
            99.218
        name:
            /mnt
        result:
            True
        start_time:
            08:35:49.166237
[root@Management-Machine-140 salt]#
[root@WebA-136 ~]# tail -1 /etc/fstab    # automatically added to /etc/fstab
/dev/sdb1 /mnt ext4 defaults 0 0
[root@Management-Machine-140 salt]# cat mount-mounted.sls    # mount by LABEL, without writing to fstab
mount-mounted:
  mount.mounted:
    - name: /mnt
    - device: LABEL=xiaofan
    - fstype: ext4
    - mkmnt: True
    - dump: 0
    - pass_num: 2
    - persist: False
    - opts:
      - defaults
[root@Management-Machine-140 salt]# salt '136' state.sls mount-mounted
136:
    ----------
    mount_|-mount-mounted_|-/mnt_|-mounted:
        ----------
        __run_num__:
            0
        changes:
            ----------
            mount:
                True
        comment:
            Target was successfully mounted
        duration:
            72.311
        name:
            /mnt
        result:
            True
        start_time:
            09:30:42.856541
[root@Management-Machine-140 salt]#
[root@Management-Machine-140 salt]# salt '136' state.sls mount-mounted    # mount onto a new directory
136:
    ----------
    mount_|-mount-mounted_|-/data/test-mount_|-mounted:
        ----------
        __run_num__:
            0
        changes:
            ----------
            mount:
                True
            persist:
                new
        comment:
            Target was successfully mounted. Added new entry to the fstab.    # return value
        duration:
            72.704
        name:
            /data/test-mount    # the new directory
        result:
            True
        start_time:
            09:33:01.275919
[root@Management-Machine-140 salt]#
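mount.unmounted unmounts a mount. Parameters: name (the directory to unmount), device (the device to unmount; LABEL cannot be used), persist (whether to remove the mount entry from /etc/fstab, default False)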
[root@Management-Machine-140 salt]# cat mount-unmounted.sls
mount-unmounted:
  mount.unmounted:
    - name: /data/test-mount
    - device: /dev/sdb1
    - persist: False
[root@Management-Machine-140 salt]# salt '136' state.sls mount-unmounted
136:
    ----------
    mount_|-mount-unmounted_|-/data/test-mount_|-unmounted:
        ----------
        __run_num__:
            0
        changes:
            ----------
            umount:
                True
        comment:
            Target was successfully unmounted
        duration:
            31.89
        name:
            /data/test-mount
        result:
            True
        start_time:
            09:45:14.309398
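9. The cmd state module, official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html
cmd.run parameters:
name: the command to execute. Remember that the command runs with the salt-minion's path and privileges.
onlyif: a check command; the command given in name runs only if the onlyif command returns true
unless: a check command; the command given in name runs only if the unless command returns false
cwd: the current working directory when the command runs, default /root
user: run the command as the specified user
group: run the command as the specified group
shell: the shell used to run the command; defaults to the shell grain
env: environment variables to set for the command
stateful: customizes the state and information returned as the execution result
umask: the umask (octal number) to use when the command runs.
output_loglevel: the log level of the output
quiet: equivalent to output_loglevel: quiet
timeout: if the command has not terminated when the timeout in seconds is reached, SIGTERM is sent to the child process, and if SIGTERM is ignored, SIGKILL is sent next
ignore_timeout: ignore the command's timeout; can be used for processes run with nohup.
creates: tests whether the specified file exists; the command runs if it does not
use_vt: an experimental option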
[root@Management-Machine-140 salt]# cat run-test2.sls
'> /var/log/messages':
  cmd.run:
    - unless: echo 'foo' > /tmp/.test && rm -f /tmp/.test
[root@Management-Machine-140 salt]#
[root@Management-Machine-140 salt]# salt '136' state.sls run-test2
136:
    ----------
    cmd_|-> /var/log/messages_|-> /var/log/messages_|-run:
        ----------
        __run_num__:
            0
        changes:
            ----------
        comment:
            unless execution succeeded    # unless succeeded, so the name command is not run
        duration:
            10.204
        name:
            > /var/log/messages
        result:
            True
        skip_watch:
            True
        start_time:
            11:46:49.032579
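The onlyif / unless / creates gating described in the parameter list above, as an added example that is a simplified model and not Salt's own code: each guard takes a single command or path, and the function names, comment strings other than "unless execution succeeded", and the temporary marker file are assumptions constructed for the demonstration.

```python
import os
import subprocess
import tempfile

def _ok(cmd):
    """True when the shell command exits with status 0."""
    return subprocess.run(cmd, shell=True, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def guard_decision(onlyif=None, unless=None, creates=None):
    """Return (run, reason): whether the guards allow the name command to run."""
    if onlyif is not None and not _ok(onlyif):
        return False, "onlyif execution failed"
    if unless is not None and _ok(unless):
        return False, "unless execution succeeded"
    if creates is not None and os.path.exists(creates):
        return False, "%s exists" % creates
    return True, "no guard blocked the command"

def guarded_run(name, **guards):
    """Run `name` only when the guards allow it; return a state-like result dict."""
    run, reason = guard_decision(**guards)
    if not run:
        # A skipped command is still a successful state with no changes.
        return {"result": True, "changes": {}, "comment": reason}
    proc = subprocess.run(name, shell=True, capture_output=True, text=True)
    return {"result": proc.returncode == 0,
            "changes": {"retcode": proc.returncode, "stdout": proc.stdout.strip()},
            "comment": 'Command "%s" run' % name}

def demo():
    marker = os.path.join(tempfile.mkdtemp(), "done")   # constructed marker file
    cmd = "touch %s && echo built" % marker
    first = guarded_run(cmd, creates=marker)            # marker absent: runs
    second = guarded_run(cmd, creates=marker)           # marker present: skipped
    skipped = guarded_run("echo never", unless="true")
    blocked = guarded_run("echo never", onlyif="false")
    return first, second, skipped, blocked

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The guard commands execute with the same privileges as the command they protect, so they deserve the same review as the name command itself.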
2. Example:
[root@Management-Machine-140 salt]# cat run-test3.sls
/root/test.sh:
  cmd.run:
    - onchanges:
      - pkg: man
  file.managed:
    - source: salt://test.sh
    - mode: 755
man:
  pkg.installed:
    - require:
      - file: /root/test.sh
[root@Management-Machine-140 salt]# salt '136' state.sls run-test3
136:
    ----------
    cmd_|-/root/test.sh_|-/root/test.sh_|-run:
        ----------
        __run_num__:
            2
        changes:
            ----------
            pid:
                18737
            retcode:
                0
            stderr:
            stdout:
                Working hard...
                changed=yes comment='something has changed' whatever=123
        comment:
            Command "/root/test.sh" run
        duration:
            30.435
        name:
            /root/test.sh
        result:
            True
        start_time:
            11:54:27.704460
    file_|-/root/test.sh_|-/root/test.sh_|-managed:
        ----------
        __run_num__:
            0
        changes:
            ----------
            diff:
                New file
            mode:
                0755
        comment:
            File /root/test.sh updated
        duration:
            11.328
        name:
            /root/test.sh
        result:
            True
        start_time:
            11:54:20.631732
    pkg_|-man_|-man_|-installed:
        ----------
        __run_num__:
            1
        changes:
            ----------
            man:
                ----------
                new:
                    1.6f-39.el6
                old:
        comment:
            The following packages were installed/updated: man
        duration:
            7054.052
        name:
            man
        result:
            True
        start_time:
            11:54:20.643293
10. The sysctl state module
sysctl.present; parameters are name, value, and config
vm.swappiness:
  sysctl.present:
    - value: 20