saltstack管理8の通常実行モジュール
通常実行モジュール
すべての実行モジュール: http://docs.saltstack.cn/zh_CN/latest/ref/states/all/index.
常用モジュール:cmd、cron、file、mount、ntp、pkg、service、user、group
注意:template関数はfileモジュールにしか使えません。
http://docs.saltstack.cn/zh_CN/latest/ref/states/all/salt.states.iptables.co.co.module-salt.states.iptables
lvmモジュール:
会社から新しい社員が来たら、すべてのサーバーに普通のアカウントを追加する必要があります。
すべての実行モジュール: http://docs.saltstack.cn/zh_CN/latest/ref/states/all/index.
常用モジュール:cmd、cron、file、mount、ntp、pkg、service、user、group
## :
# Keep the salt package at the latest version and both daemons running.
salt:
  pkg.latest:
    - name: salt
  service.running:
    # `names` declares one service state per listed entry.
    - names: [salt-master, salt-minion]
    - require:
      - pkg: salt
    # A change to the managed minion config triggers the service state again.
    - watch:
      - file: /etc/salt/minion

# Minion configuration file, copied from the master's file server.
/etc/salt/minion:
  file.managed:
    - source: salt://salt/minion
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: salt
## :
/dbdata:
file.directory: # ,
:
/dbdata:
file:
- directory
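cmdモジュール:
name: 実行するコマンド(salt-minion 上で実行される)
onlyif: テスト用のコマンド。``onlyif`` が true を返した場合のみ name を実行する
unless: テスト用のコマンド。``unless`` が false を返した場合のみ name を実行する
cwd: コマンドを実行するディレクトリ。デフォルトは /root
user: コマンドを実行するユーザー
group: コマンドを実行するグループ
shell: 使用する shell。デフォルトは shell grain の値
run: name のコマンドを実行する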
[root@test81 ~]# cat install.sls
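# Ship the nginx source tarball to the minion and unpack it once.
#
# The tarball is delivered into /usr/local/src, the directory tar runs in.
# The original downloaded it to /tmp but extracted a relative file name from
# /usr/local/src, so tar could not find it. /tmp is also world-writable, and
# `unless: test -f ...` made Salt accept whatever file already existed at
# that path without comparing its content to the master's copy.
nginx_source:
  file.managed:
    - name: /usr/local/src/nginx-1.4.5.tar.gz
    # No `unless` here: file.managed is idempotent on its own and replaces
    # the file when it differs from the source.
    - source: salt://nginx/files/nginx-1.4.5.tar.gz
    - user: root
    - group: root
    - mode: '0644'

tar_nginx:
  cmd.run:
    # Directory the command is executed in.
    - cwd: /usr/local/src
    - name: tar zxvf nginx-1.4.5.tar.gz
    # Skip the extraction when the unpacked tree already exists on the minion.
    - unless: test -d /usr/local/src/nginx-1.4.5
    - require:
      - file: nginx_source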
##unless: 指定したコマンドが偽(終了コードが 0 以外)を返した場合のみ name を実行する
##onlyif: 指定したコマンドが真(終了コードが 0)を返した場合のみ name を実行する
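# Run ntpdate every 30 minutes, once the ntp package has been installed.
ntpdate_cron:
  cron.present:
    - name: /usr/sbin/ntpdate pool.ntp.org
    - minute: '*/30'
    - require:
      - cmd: isntp

isntp:
  cmd.run:
    - name: yum -y install ntp
    # `unless` accepts any shell command; the state is skipped when it exits 0.
    # `rpm -q` exits non-zero when the package is absent, which replaces the
    # original unquoted backtick substitution inside `test ! -z` (that form
    # only worked because an empty expansion left `test` with a single word).
    - unless: rpm -q ntp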
クロンモジュール:minute:
hour:
daymonth:
month:
dayweek:
user:
present:
name:
[root@scj cron]# cat cron.sls
# Add a MySQL backup job to root's crontab, at 01:00 every day.
# NOTE(review): the job runs as root out of /tmp/scripts. /tmp is normally
# world-writable, so confirm the directory and the script are root-owned and
# not writable by other users, or keep the script under a root-only path.
mysql_cron:
  cron.present:
    - name: cd /tmp/scripts;./mysql_backup.sh
    - user: root
    - minute: 0
    - hour: 1
    # Fields left commented out are not set by this state.
    #- daymonth:
    #- month:
    #- dayweek:
    #- minute: "*/5"
## :
## :
# Same job with the hour moved from 1 to 2. `name` is unchanged from the
# earlier version, so this edits that entry rather than adding a second one.
mysql_cron:
  cron.present:
    - name: cd /tmp/scripts;./mysql_backup.sh
    - user: root
    - minute: 0
    # Changed from 1 to 2.
    - hour: 2
    #- daymonth:
    #- month:
    #- dayweek:
    #- minute: "*/5"
: name
name
name ,
## :
## :
# Remove the backup job from root's crontab.
mysql_cron:
  # `absent` deletes the entry instead of creating it.
  cron.absent:
    # Must be the same `name` the entry was created with.
    - name: cd /tmp/scripts;./mysql_backup.sh
    - user: root
    - minute: 0
    - hour: 2
    #- daymonth:
    #- month:
    #- dayweek:
    #- minute: "*/5"
fileモジュール:注意:template関数はfileモジュールにしか使えません。
.sls 1:
# Directory owned by nobody, with ownership and modes pushed down recursively.
/tmp/salt/:
  file.directory:
    - name: /tmp/salt/
    - user: nobody
    - group: nobody
    # With recursion on `mode`, files get file_mode and directories dir_mode.
    - file_mode: 644
    - dir_mode: 755
    - makedirs: True
    # Attributes applied to everything below the directory.
    - recurse:
      - user
      - group
      - mode
      #- ignore_files
      #- ignore_dirs

# A single file inside that directory, copied from the master.
/tmp/salt/file:
  file.managed:
    - name: /tmp/salt/file
    - source: salt://web/files/httpd.conf
    - user: nobody
    - group: nobody
    - mode: 644
    #- backup: minion
    # Enable to render the source as a Jinja template (pillar and grains).
    #- template: jinja
    - require:
      - file: /tmp/salt/
.sls 2:
{% set site_user = 'testuser' %} #
{% set site_name = 'test_site' %}
{% set project_name = 'test_proj' %}
{% set sites_dir = 'test_dir' %}
django-project:
file.recurse:
- name: {{ sites_dir }}/{{ site_name }}/{{ project_name }}
- user: {{ site_user }} #
- dir_mode: 2775
- file_mode: '0644'
- template: jinja # template: jinja
- source: salt://project/templates_dir
- include_empty: True
.sls 3:
/etc/http/conf/http.conf:
file.managed:
- source: salt://apache/http.conf
- user: root
- group: root
- mode: 644
- template: jinja
- defaults: # ,
custom_var: "default value" # salt://apache/http.conf
other_var: 123
{% if grains['os'] == 'Ubuntu' %} ##if ##
- context: # context , defaults
custom_var: "override" # ,defaults
{% endif %}
.sls 4:
/tmp/dir1/file1:
file:
- managed
- makedirs: True
## minion dir1 , makedirs dir1 , file1
グループグループモジュール:absent:
name: absent ,
present: , ;
name: present ,
## present ##
gid: ID ; , ID
system: , groupadd“-r”
addusers:
delusers:
members: 。
## : 'members' 'adduser/delusers' ,
cheese:
group.present: # , ; , ,
- gid: 7648
- system: True
- addusers:
- user1 # user1
- users2
- delusers:
- foo
cheese:
group.present:
- gid: 7648
- system: True
- members: # 4
- foo
- bar
- user1
- user2
iptablesモジュール:http://docs.saltstack.cn/zh_CN/latest/ref/states/all/salt.states.iptables.co.co.module-salt.states.iptables
lvmモジュール:
/dev/sda:
lvm:
- pv_present # pv
#-name: /dev/sda
my_vg:
lvm.vg_present: # vg
- devices: /dev/sda # pv
lvroot:
lvm.lv_present:
- vgname: my_vg # vg
- name: lvroot
- size: 10G
#- stripes: 5
#- stripesize: 8K
モジュール:/mnt/sdb: # , name
mount.mounted:
- device: /dev/sdb1 #
#- name: /mnt/sdb #
- fstype: ext4
- mkmnt: True # , True
- opts:
- defaults
/srv/bigdata:
mount:
- mounted:
- device: UUID=066e0200-2867-4ebe-b9e6-f30026ca2314
- fstype: xfs
- opts: nobootwait,noatime,nodiratime,nobarrier,logbufs=8
#- dump: 0 # 0
#- pass_num: 2 # 0
#- persist: True # /etc/fstab , True,
- mkmnt: True
##dump: The dump value to be passed into the fstab, Default is 0
##pass_num: The pass value to be passed into the fstab, Default is 0
pkgモジュール:mypkgs:
pkg.installed:
- pkgs: # , pkgs ,
- gcc
- cmake
- make
#- name: httpd # , pkgs ,
##installed:
##latest:
##removed:
##pkgs: , ( )
##names: , , ( )
serviceモジュール:httpd:
service:
- running #
- enable: True #
- reload: True #watch /etc/httpd/conf/httpd.conf , reload; reload reload False, restart
- watch:
- file: /etc/httpd/conf/httpd.conf
- require:
- pkg: httpd
##dead: stop
##reload True:
ID: httpd
Function: service.running
Result: True
Comment: Service reloaded ##reload
Started: 14:56:31.920445
Duration: 1702.923 ms
Changes:
----------
httpd:
True
## reload reload False:
ID: httpd
Function: service.running
Result: True
Comment: Service restarted ##restart
Started: 14:58:05.723261
Duration: 1193.026 ms
Changes:
----------
httpd:
True
userモジュール:user1:
user:
- present
#- name: user1
#- home: /home/user1
#- shell: /bin/bash
- uid: 600
- gid: 600
- system: True #
- groups: #
- nobody # user1 nobody , nobody ; jeff , nobody , jeff
#- group1
##absent:
##force: ( )
例:会社から新しい社員が来たら、すべてのサーバーに普通のアカウントを追加する必要があります。
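## MD5-crypt 形式のパスワードハッシュを生成する(注意: $1$ の MD5-crypt は現在では強度が不足している。OpenSSL 1.1.1 以降では `openssl passwd -6` で SHA-512 crypt のハッシュを生成できる)
[root@dbm133 ~]# openssl passwd -1 -salt 'shencj' ## -salt でソルトを指定する。ここでは shencj
Password: ## パスワードを入力する
$1$shencj$i3JtzHYM7hFcNP63VLK..1 ## 生成されたハッシュ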
## pillar にユーザー名とパスワードハッシュを定義する(pillar は対象の minion にのみ配布される。ハッシュを salt:// 配下の state ファイルに直接書かないこと)
[root@dbm133 ~]# cat /srv/pillar/user/init.sls
username: shencj
password: '$1$shencj$i3JtzHYM7hFcNP63VLK..1'
## state 用の .sls ファイルを作成する
[root@dbm133 ~]#cat /srv/salt/user/adduser.sls
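# Create the account named in pillar and install its SSH authorized_keys.
{{ pillar['username'] }}:
  user.present:
    # - uid: 1001
    # - gid: 1001
    # Pre-computed password hash taken from pillar; quoted so YAML always
    # reads the rendered value as a plain string.
    - password: '{{ pillar['password'] }}'
    - groups:
      - nobody

/home/{{ pillar['username'] }}/.ssh:
  file.directory:
    # The original set no owner or mode on this directory. Make it belong to
    # the account and close it to everyone else.
    - user: {{ pillar['username'] }}
    - group: {{ pillar['username'] }}
    - mode: '0700'
    - require:
      - user: {{ pillar['username'] }}

/home/{{ pillar['username'] }}/.ssh/authorized_keys:
  file.managed:
    - source: salt://files/authorized_keys
    # Read-only for the owner, no access for group or others.
    - mode: 400
    - user: {{ pillar['username'] }}
    - group: {{ pillar['username'] }}
    - require:
      - file: /home/{{ pillar['username'] }}/.ssh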
##master 上で実行する('*' は全 minion が対象になるため、先に test=True を付けて変更内容を確認するとよい)
[root@dbm133 ~]# salt '*' state.sls user.adduser