YAML language
YAML is an intuitive data serialization format that machines can parse. It is designed to be highly readable for humans, works well with scripting languages, and is used to express data sequences.
Like XML (itself a subset of the Standard Generalized Markup Language), it is a data description language, but its syntax is much simpler than XML's.
Basic rules of YAML:
- Indentation represents the hierarchy. Each level is indented by 2 spaces. TAB characters are prohibited
- When a colon is not at the end of a line, it must be followed by a space
- A list item is written with a hyphen (-), which must be followed by a space
- # indicates a comment
Where to put the YAML files for SaltStack: the locations are set by file_roots in the Master configuration file.

    [root@master salt]# vim master
    #file_roots:
    #  base:
    #    - /srv/salt
    #
    file_roots:
      base:
        - /srv/salt/base
      test:
        - /srv/salt/test
      dev:
        - /srv/salt/dev
      prod:
        - /srv/salt/prod

    [root@master salt]# ls /srv/
    [root@master salt]# mkdir -p /srv/salt/{base,test,dev,prod}
    [root@master salt]# tree /srv/
    /srv/
    `-- salt
        |-- base
        |-- dev
        |-- prod
        `-- test

    5 directories, 0 files

After modifying the configuration, restart salt-master for the change to take effect:

    [root@master salt]# systemctl restart salt-master

Note: base is the default location. If file_roots has only one environment, it must be base; it is required and cannot be renamed.
Apache example
Create the directory structure:

    [root@master ~]# cd /srv/salt/base/
    [root@master base]# ls
    [root@master base]# mkdir web/{nginx,apache} -p
    [root@master base]# tree
    .
    `-- web
        |-- apache
        `-- nginx

    3 directories, 0 files

Write the state file. Note: a key written at the leftmost column of a YAML state file is called an ID. It must be globally unique and cannot be repeated.

    [root@master base]# vim web/apache/apache.sls
    [root@master base]# cat web/apache/apache.sls
    apache-install:
      pkg.installed:
        - name: httpd

    apache-service:
      service.running:
        - name: httpd
        - enable: true

    [root@master base]# tree
    .
    `-- web
        |-- apache
        |   `-- apache.sls
        `-- nginx

    3 directories, 1 file

Apply the apache.sls state file to the managed host:

    [root@master base]# salt 'minion2' state.sls web.apache.apache saltenv=base
    minion2:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: The following packages were installed/updated: httpd
         Started: 14:30:19.078114
        Duration: 8995.341 ms
         Changes:
                  ----------
                  apr:
                      ----------
                      new:
                          1.6.3-11.el8
                      old:
                  apr-util:
                      ----------
                      new:
                          1.6.1-6.el8
                      old:
                  apr-util-bdb:
                      ----------
                      new:
                          1.6.1-6.el8
                      old:
                  apr-util-openssl:
                      ----------
                      new:
                          1.6.1-6.el8
                      old:
                  centos-logos-httpd:
                      ----------
                      new:
                          85.8-1.el8
                      old:
                  httpd:
                      ----------
                      new:
                          2.4.37-39.module_el8.4.0+950+0577e6ac.1
                      old:
                  httpd-filesystem:
                      ----------
                      new:
                          2.4.37-39.module_el8.4.0+950+0577e6ac.1
                      old:
                  httpd-tools:
                      ----------
                      new:
                          2.4.37-39.module_el8.4.0+950+0577e6ac.1
                      old:
                  mailcap:
                      ----------
                      new:
                          2.1.48-3.el8
                      old:
                  mod_http2:
                      ----------
                      new:
                          1.15.7-3.module_el8.4.0+778+c970deab
                      old:
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd has been enabled, and is running
         Started: 14:30:28.085891
        Duration: 1277.562 ms
         Changes:
                  ----------
                  httpd:
                      True

    Summary for minion2
    ------------
    Succeeded: 2 (changed=2)
    Failed:    0
    ------------
    Total states run:     2
    Total run time:  10.273 s

Check the result on the managed host:

    [root@minion2 ~]# rpm -qa|grep httpd
    httpd-2.4.37-39.module_el8.4.0+950+0577e6ac.1.x86_64
    httpd-tools-2.4.37-39.module_el8.4.0+950+0577e6ac.1.x86_64
    centos-logos-httpd-85.8-1.el8.noarch
    httpd-filesystem-2.4.37-39.module_el8.4.0+950+0577e6ac.1.noarch
    [root@minion2 ~]# ss -antl
    State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
    LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
    LISTEN   0        128      *:80                 *:*
    LISTEN   0        128      [::]:22              [::]:*
    [root@minion2 ~]# systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: di>
       Active: active (running) since Tue 2021-11-02 14:30:29 EDT; 1min 35s ago
         Docs: man:httpd.service(8)
     Main PID: 35825 (httpd)
       Status: "Running, listening on: port 80"
        Tasks: 213 (limit: 49298)
       Memory: 39.2M
       CGroup: /system.slice/httpd.service
               ├─35825 /usr/sbin/httpd -DFOREGROUND
               ├─35894 /usr/sbin/httpd -DFOREGROUND
               ├─35895 /usr/sbin/httpd -DFOREGROUND
               ├─35896 /usr/sbin/httpd -DFOREGROUND
               └─35897 /usr/sbin/httpd -DFOREGROUND

    Nov 02 14:30:28 minion2 systemd[1]: Starting The Apache HTTP Server...
    Nov 02 14:30:29 minion2 httpd[35825]: AH00558: httpd: Could not reliably determine t>
    Nov 02 14:30:29 minion2 systemd[1]: Started The Apache HTTP Server.
    Nov 02 14:30:30 minion2 httpd[35825]: Server configured, listening on: port 80
Top file
Introduction
Is executing sls files directly from the command line automated enough? The answer is no, because each time we have to name the host that should perform the task. With real automation, when we tell the system to work, it already knows which host should do what. Executing sls files directly from the command line cannot achieve this, and the top file exists to solve that problem.
The top file is the entry point. Its file name can be found by searching for top.sls in the Master configuration file, and the file must be in the base environment. By default, it must be called top.sls.
The function of the top file is to tell each host what to do, for example having the web servers start web services, having the database servers install mysql, and so on.
top file: defines the file entry
- One to many
Example

    [root@minion1 ~]# cat /etc/redhat-release
    CentOS Linux release 8.4.2105
    [root@minion1 ~]# yum list all|grep nginx
    Failed to set locale, defaulting to C.UTF-8
    nginx.x86_64                         1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-all-modules.noarch             1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-filesystem.noarch              1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-http-image-filter.x86_64   1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-http-perl.x86_64           1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-http-xslt-filter.x86_64    1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-mail.x86_64                1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-stream.x86_64              1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    pcp-pmda-nginx.x86_64                5.2.5-6.el8_4                            appstream

    [root@minion2 ~]# cat /etc/redhat-release
    CentOS Linux release 8.4.2105
    [root@minion2 ~]# yum list all|grep nginx
    Failed to set locale, defaulting to C.UTF-8
    nginx.x86_64                         1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-all-modules.noarch             1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-filesystem.noarch              1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-http-image-filter.x86_64   1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-http-perl.x86_64           1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-http-xslt-filter.x86_64    1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-mail.x86_64                1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    nginx-mod-stream.x86_64              1:1.14.1-9.module_el8.0.0+184+e34fea82   appstream
    pcp-pmda-nginx.x86_64                5.2.5-6.el8_4                            appstream

    [root@master base]# tree
    .
    `-- web
        |-- apache
        |   `-- install.sls
        `-- nginx

    3 directories, 1 file
    [root@master base]# vim web/nginx/install.sls
    [root@master base]# cat web/nginx/install.sls
    nginx-install:
      pkg.installed:
        - name: nginx

    nginx-service:
      service.running:
        - name: nginx
        - enable: true

    [root@master base]# tree
    .
    `-- web
        |-- apache
        |   `-- install.sls
        `-- nginx
            `-- install.sls

    3 directories, 2 files
    [root@master base]# ls
    web
    [root@master base]# vim top.sls
    [root@master base]# cat top.sls
    base:
      'minion1':
        - web.nginx.install
      'minion2':
        - web.apache.install

    [root@master base]# salt '*' state.highstate saltenv=base    // the output below is from the second run
    master:    // the master shows an error in red; this is not a problem, because the top file does not specify the master
    ----------
              ID: states
        Function: no.None
          Result: False
         Comment: No Top file or master_tops data matches found. Please see master log for details.
         Changes:

    Summary for master
    ------------
    Succeeded: 0
    Failed:    1
    ------------
    Total states run:     1
    Total run time:   0.000 ms
    minion2:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: All specified packages are already installed
         Started: 14:39:40.666205
        Duration: 686.242 ms
         Changes:
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: The service httpd is already running
         Started: 14:39:41.354053
        Duration: 50.114 ms
         Changes:

    Summary for minion2
    ------------
    Succeeded: 2
    Failed:    0
    ------------
    Total states run:     2
    Total run time: 736.356 ms
    minion1:
    ----------
              ID: nginx-install
        Function: pkg.installed
            Name: nginx
          Result: True
         Comment: All specified packages are already installed
         Started: 14:39:40.674417
        Duration: 734.172 ms
         Changes:
    ----------
              ID: nginx-service
        Function: service.running
            Name: nginx
          Result: True
         Comment: The service nginx is already running
         Started: 14:39:41.410945
        Duration: 52.55 ms
         Changes:

    Summary for minion1
    ------------
    Succeeded: 2
    Failed:    0
    ------------
    Total states run:     2
    Total run time: 786.722 ms
    ERROR: Minions returned with non-zero exit code

Check the result on each minion:

    [root@minion1 ~]# systemctl status nginx
    ● nginx.service - The nginx HTTP and reverse proxy server
       Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: di>
       Active: active (running) since Tue 2021-11-02 14:39:32 EDT; 3min 33s ago
     Main PID: 51795 (nginx)
        Tasks: 5 (limit: 49298)
       Memory: 7.7M
       CGroup: /system.slice/nginx.service
               ├─51795 nginx: master process /usr/sbin/nginx
               ├─51796 nginx: worker process
               ├─51797 nginx: worker process
               ├─51798 nginx: worker process
               └─51799 nginx: worker process

    Nov 02 14:39:32 minion1 systemd[1]: Starting The nginx HTTP and reverse proxy server>
    Nov 02 14:39:32 minion1 nginx[51792]: nginx: the configuration file /etc/nginx/nginx>
    Nov 02 14:39:32 minion1 nginx[51792]: nginx: configuration file /etc/nginx/nginx.con>
    Nov 02 14:39:32 minion1 systemd[1]: Started The nginx HTTP and reverse proxy server.
    [root@minion1 ~]# ss -antl
    State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
    LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
    LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
    LISTEN   0        128      [::]:80              [::]:*
    LISTEN   0        128      [::]:22              [::]:*

    [root@minion2 ~]# systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: di>
       Active: active (running) since Tue 2021-11-02 14:30:29 EDT; 12min ago
         Docs: man:httpd.service(8)
     Main PID: 35825 (httpd)
       Status: "Running, listening on: port 80"
        Tasks: 213 (limit: 49298)
       Memory: 39.2M
       CGroup: /system.slice/httpd.service
               ├─35825 /usr/sbin/httpd -DFOREGROUND
               ├─35894 /usr/sbin/httpd -DFOREGROUND
               ├─35895 /usr/sbin/httpd -DFOREGROUND
               ├─35896 /usr/sbin/httpd -DFOREGROUND
               └─35897 /usr/sbin/httpd -DFOREGROUND

    Nov 02 14:30:28 minion2 systemd[1]: Starting The Apache HTTP Server...
    Nov 02 14:30:29 minion2 httpd[35825]: AH00558: httpd: Could not reliably determine t>
    Nov 02 14:30:29 minion2 systemd[1]: Started The Apache HTTP Server.
    Nov 02 14:30:30 minion2 httpd[35825]: Server configured, listening on: port 80
    [root@minion2 ~]# ss -antl
    State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
    LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
    LISTEN   0        128      *:80                 *:*
    LISTEN   0        128      [::]:22              [::]:*
Using the advanced state (highstate)
When managing SaltStack, the most common management operation is to run the advanced state (highstate):

    [root@master ~]# salt '*' state.highstate    // running the salt command this way is prohibited in production environments

Note:
The command above makes every host execute the advanced state, which is generally not done in actual work. In practice, you normally tell one target host, or a few, to execute the advanced state. What each host actually executes is determined by the top file.
If you add the parameter test=True when executing the advanced state, Salt reports what it would do without actually performing the operation.
Stop the httpd service on the minion:

    [root@minion2 ~]# systemctl stop httpd
    [root@minion2 ~]# ss -antl
    State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
    LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
    LISTEN   0        128      [::]:22              [::]:*

Run the advanced state in test mode from the master:

    [root@master base]# salt 'minion2' state.highstate test=true
    minion2:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: All specified packages are already installed
         Started: 14:47:31.930294
        Duration: 593.979 ms
         Changes:
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: None
         Comment: Service httpd is set to start
         Started: 14:47:32.525839
        Duration: 40.901 ms
         Changes:

    Summary for minion2
    ------------
    Succeeded: 2 (unchanged=1)
    Failed:    0
    ------------
    Total states run:     2
    Total run time: 634.880 ms

On the minion, check whether httpd has started:

    [root@minion2 ~]# systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: di>
       Active: inactive (dead) since Tue 2021-11-02 14:46:41 EDT; 1min 42s ago
         Docs: man:httpd.service(8)
      Process: 35825 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, statu>
     Main PID: 35825 (code=exited, status=0/SUCCESS)
       Status: "Running, listening on: port 80"

    Nov 02 14:30:28 minion2 systemd[1]: Starting The Apache HTTP Server...
    Nov 02 14:30:29 minion2 httpd[35825]: AH00558: httpd: Could not reliably determine t>
    Nov 02 14:30:29 minion2 systemd[1]: Started The Apache HTTP Server.
    Nov 02 14:30:30 minion2 httpd[35825]: Server configured, listening on: port 80
    Nov 02 14:46:40 minion2 systemd[1]: Stopping The Apache HTTP Server...
    Nov 02 14:46:41 minion2 systemd[1]: httpd.service: Succeeded.
    Nov 02 14:46:41 minion2 systemd[1]: Stopped The Apache HTTP Server.

httpd did not start, so the advanced state was not actually executed.
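The test=True run above marks a state that would change with Result: None, which makes the dry run usable as a drift check before any real highstate. The following is an added example, not part of the original article: it sorts a dry-run report into ok, pending and failed states per minion. It assumes the JSON that `salt '*' state.highstate test=True --static --out=json` prints; the sample data, the minion3 entry and the function names are constructed for illustration.

```python
import json

# Constructed sample (not captured from the article's hosts); assumes the shape
# printed by `salt '*' state.highstate test=True --static --out=json`.
SAMPLE = json.dumps({
    "minion2": {
        "pkg_|-apache-install_|-httpd_|-installed": {
            "__id__": "apache-install", "result": True, "changes": {},
            "comment": "All specified packages are already installed"},
        "service_|-apache-service_|-httpd_|-running": {
            "__id__": "apache-service", "result": None, "changes": {},
            "comment": "Service httpd is set to start"},
    },
    "master": {
        "no_|-states_|-states_|-None": {
            "result": False, "changes": {},
            "comment": "No Top file or master_tops data matches found."},
    },
    # Assumed shape: a render/compile failure comes back as a list of strings.
    "minion3": ["Rendering SLS 'base:web.nginx.install' failed"],
})

def classify(raw):
    """Map each minion to {'ok': [...], 'pending': [...], 'failed': [...]}."""
    report = {}
    for minion, states in json.loads(raw).items():
        buckets = {"ok": [], "pending": [], "failed": []}
        if not isinstance(states, dict):
            # No per-state dict at all: count the whole return as one failure.
            buckets["failed"].append(("<compile>", str(states)))
        else:
            for tag, ret in states.items():
                # Tag layout: module_|-id_|-name_|-function
                state_id = ret.get("__id__") or tag.split("_|-")[1]
                result = ret.get("result")
                # test=True reports None for a state that would make a change.
                key = {True: "ok", None: "pending"}.get(result, "failed")
                buckets[key].append((state_id, ret.get("comment", "")))
        report[minion] = buckets
    return report

def needs_attention(report):
    """Minions with pending changes or failures, sorted by name."""
    return sorted(m for m, b in report.items() if b["pending"] or b["failed"])

if __name__ == "__main__":
    report = classify(SAMPLE)
    for minion in needs_attention(report):
        print(minion, report[minion]["pending"], report[minion]["failed"])
```

A host that appears in the pending list has drifted from its declared state (here, httpd stopped by hand), and a host in the failed list either matched nothing in the top file or could not compile its states.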