saltstack的探索-通过官网文档迅速了解salt
http://docs.saltstack.com/en/latest/SaltStackSalt, a new approach to infrastructure management, is easy enough to get running in minutes, scalable enough to manage tens of thousands of servers, and fast enough to communicate with those servers in seconds.Salt delivers a dynamic communication bus for infrastructures that can be used for orchestration, remote execution, configuration management and much more.Getting Started通过实例来迅速了解salt:Official Salt Walkthrough http://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html1. minion的idminion启动时,能自动生成一个id,也可以在配置文件中手动指定2. 接受minion的key之前,安全起见,可以打印minion's public key的指纹salt-key -f minion-idOn the master:# salt-key -f foo.domain.comUnaccepted Keys:foo.domain.com: 39:f9:e4:8a:aa:74:8d:52:1a:ec:92:03:82:09:c8:f9On the minion:# salt-call key.finger --locallocal: 39:f9:e4:8a:aa:74:8d:52:1a:ec:92:03:82:09:c8:f9If they match, approve the key with salt-key -a foo.domain.com3. 第一个命令salt '*' test.pingThe * is the target, which specifies all minions.test.ping tells the minion to run the test.ping function.In the case of test.ping, test refers to a execution module. ping refers to the ping function contained in the aforementioned test module.test是一个module,ping是这个module中的一个function类似的,还有一堆的moduleModule documentation is also available on the web.Full list of builtin execution modules http://docs.saltstack.com/en/latest/ref/modules/all/index.html4. Helpful Functions to Knowsalt '*' cmd.run 'ls -l /usr'test230: total 212 dr-xr-xr-x. 2 root root 69632 Feb 11 04:49 bin drwxr-xr-x. 2 root root 4096 Nov 1 2011 etc drwxr-xr-x. 2 root root 4096 Nov 1 2011 games drwxr-xr-x. 66 root root 12288 Feb 11 14:34 include dr-xr-xr-x. 30 root root 4096 Oct 14 14:32 lib dr-xr-xr-x. 107 root root 77824 Feb 11 13:35 lib64 drwxr-xr-x. 23 root root 12288 Dec 27 03:12 libexec drwxr-xr-x. 26 root root 4096 Feb 11 11:31 local dr-xr-xr-x. 2 root root 12288 Dec 27 03:12 sbin drwxr-xr-x. 213 root root 4096 Dec 26 14:28 share drwxr-xr-x. 4 root root 4096 Jul 30 2014 src lrwxrwxrwx. 1 root root 10 Mar 6 2014 tmp -> ../var/tmp salt '*' pkg.install rubytest230: ---------- compat-readline5: ---------- new: 5.2-17.1.el6 old: ruby: ---------- new: 1.8.7.374-3.el6_6 old: ruby-libs: ---------- new: 1.8.7.374-3.el6_6 old:[root@svr200-21 ~]# salt '*' cmd.run 'tail /var/log/messages -n 3'test230: Feb 11 15:10:50 test230 yum[11828]: Installed: compat-readline5-5.2-17.1.el6.x86_64 Feb 11 15:10:51 test230 yum[11828]: Installed: ruby-libs-1.8.7.374-3.el6_6.x86_64 Feb 11 15:10:52 test230 yum[11828]: Installed: ruby-1.8.7.374-3.el6_6.x86_64 [root@svr200-21 ~]# salt '*' network.interfacestest230: ---------- eth0: ---------- hwaddr: d4:3d:7e:32:17:d1 inet: |_ ---------- address: 192.168.1.230 broadcast: 192.168.1.255 label: eth0 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::d63d:7eff:fe32:17d1 prefixlen: 64 secondary: |_ ---------- address: 192.168.1.249 broadcast: None label: eth0 netmask: 255.255.255.0 type: inet up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 |_ ---------- address: 192.168.1.130 broadcast: 192.168.1.130 label: lo:0 netmask: 255.255.255.255 inet6: |_ ---------- address: ::1 prefixlen: 128 up: True5. GrainsSalt uses a system called Grains to build up static data about minions. This data includes information about the operating system that is running, CPU architecture and much more. The grains system is used throughout Salt to deliver platform data to many components and to users.Grains can also be statically set, this makes it easy to assign values to minions for grouping and managing.A common practice is to assign grains to minions to specify what the role or roles a minion might be. These static grains can be set in the minion configuration file or via the grains.setval function.6. TargetingSalt allows for minions to be targeted based on a wide range of criteria. The default targeting system uses globular expressions to match minions, hence if there are minions named larry1, larry2, curly1, and curly2, a glob of larry* will match larry1 and larry2, and a glob of *1 will match larry1 and curly1.Many other targeting systems can be used other than globs, these systems include:Regular ExpressionsTarget using PCRE-compliant regular expressionsGrainsTarget based on grains data: Targeting with GrainsPillarTarget based on pillar data: Targeting with PillarIPTarget based on IP address/subnet/rangeCompoundCreate logic to target based on multiple targets: Targeting with CompoundNodegroupTarget with nodegroups: Targeting with Nodegroup7. SALT STATESSalt States, or the State System is the component of Salt made for configuration management.The state system is built on SLS formulas. These formulas are built out in files on Salt's file server. To make a very basic SLS formula open up a file under /srv/salt named vim.sls. The following state ensures that vim is installed on a system to which that state has been applied.创建一个文件:/srv/salt/vim.sls:内容是:[root@svr200-21 salt]# cat vim.slsvim-enhanced: pkg.installedNow install vim on the minions by calling the SLS directly:安装vim:[root@svr200-21 salt]# salt '*' state.sls vimtest230:---------- ID: vim-enhanced Function: pkg.installed Result: True Comment: Package vim-enhanced is already installed. Started: 10:05:53.851780 Duration: 1044.131 ms Changes: Summary------------Succeeded: 1Failed: 0------------Total states run: 1This command will invoke the state system and run the vim SLS.这个命令会调入state system并执行对应的vim这个sls文件Now, to beef up the vim SLS formula, a vimrc can be added:增强一下,增加一个自定义的配置文件[root@svr200-21 salt]# cat /srv/salt/vim.sls:vim-enhanced: pkg.installed: []/root/.vimrc: file.managed: - source: salt://files/vim/vimrc - mode: 644 - uesr: root - group: root 执行:[root@svr200-21 salt]# salt '*' state.sls vimtest230:---------- ID: vim-enhanced Function: pkg.installed Result: True Comment: Package vim-enhanced is already installed. Started: 10:08:52.457087 Duration: 1041.624 ms Changes: ---------- ID: /root/.vimrc Function: file.managed Result: True Comment: File /root/.vimrc updated Started: 10:08:53.498852 Duration: 165.523 ms Changes: ---------- diff: New file mode: 0644Summary------------Succeeded: 2 (changed=1)Failed: 0------------Total states run: 28. Adding Some Depth显然在file server的根目录(/srv/salt/)下维护所有的sls文件扩展性不好,让我们增加一点目录层级的深度。Obviously maintaining SLS formulas right in a single directory at the root of the file server will not scale out to reasonably sized deployments. This is why more depth is required. 以安装nginx为例Start by making an nginx formula a better way, make an nginx subdirectory and add an init.sls file:/srv/salt/nginx/init.sls:[root@svr200-21 salt]# cat nginx/init.sls nginx: pkg.installed: [] service.running: - require: - pkg: nginxA few concepts are introduced in this SLS formula.First is the service statement which ensures that the nginx service is running.service这个语法,保障nginx服务是running状态的Of course, the nginx service can't be started unless the package is installed -- hence the require statement which sets up a dependency between the two.The require statement makes sure that the required component is executed before and that it results in success.当然,只有安装了nginx服务的包,才能启动nginx服务呀,所以,require语法保障了这样一个依赖关系,确保required的组件在之前已经被执行成功,这样才能去start这个服务。NoteThe require option belongs to a family of options called requisites. Requisites are a powerful component of Salt States, for more information on how requisites work and what is available see: Requisiteshttp://docs.saltstack.com/en/latest/ref/states/requisites.htmlAlso evaluation ordering is available in Salt as well: Ordering Stateshttp://docs.saltstack.com/en/latest/ref/states/ordering.htmlThis new sls formula has a special name -- init.sls. When an SLS formula is named init.sls it inherits the name of the directory path that contains it. This formula can be referenced via the following command:新的sls公司有一个特殊的名称“init.sls”,这样的一个sls会继承当前目录的名称,用这样的一个命令来关联起来,试一试:salt '*' state.sls nginx[root@svr200-21 salt]# salt '*' state.sls nginxtest230:---------- ID: nginx Function: pkg.installed Result: True Comment: The following packages were installed/updated: nginx. Started: 11:37:04.182413 Duration: 187110.65 ms Changes: ---------- gd: ---------- new: 2.0.35-11.el6 old: nginx: ---------- new: 1.0.15-11.el6 old: nginx-filesystem: ---------- new: 1.0.15-11.el6 old: ---------- ID: nginx Function: service.running Result: True Comment: The service nginx is already running Started: 11:40:11.293241 Duration: 59.986 ms Changes: Summary------------Succeeded: 2 (changed=1)Failed: 0------------Total states run: 2NoteReminder!Just as one could call the test.ping or disk.usage execution modules, state.sls is simply another execution module. It simply takes the name of an SLS file as an argument.就像可以调用test.ping or disk.usage这两个执行模块一样,state.sls也是另一个执行模块,,后边跟着的参数就是要执行的sls配置文件的名称(例如vim,nginx这些)。现在,继续用子目录来管理,调整下vim的配置:Now that subdirectories can be used, the vim.sls formula can be cleaned up. To make things more flexible, move the vim.sls and vimrc into a new subdirectory called edit and change the vim.sls file to reflect the change:/srv/salt/edit/vim.sls:vim: pkg.installed/etc/vimrc: file.managed: - source: salt://edit/vimrc - mode: 644 - user: root - group: rootOnly the source path to the vimrc file has changed. Now the formula is referenced as edit.vim because it resides in the edit subdirectory. Now the edit subdirectory can contain formulas for emacs, nano, joe or any other editor that may need to be deployed.执行方式变成了salt '*' state.sls edit.vim[root@svr200-21 salt]# salt '*' state.sls edit.vimtest230:---------- ID: vim-enhanced Function: pkg.installed Result: True Comment: Package vim-enhanced is already installed. Started: 11:53:52.288936 Duration: 1039.998 ms Changes: ---------- ID: /root/.vimrc Function: file.managed Result: True Comment: File /root/.vimrc is in the correct state Started: 11:53:53.329085 Duration: 161.691 ms Changes: Summary------------Succeeded: 2Failed: 0------------Total states run: 2