存储位置   类型      采集方式                 场景
Grains    minion        静态    minion启动时，可以刷新    1、获取信息 2、匹配
pillar    master        动态    指定，实时生效             1、匹配  2、敏感数据配置

LAMP  （软件安装salt.states.pki 配置文件salt.states.file  服务salt.states.service）

[root@linux-node1 prod]# mkdir -p /srv/salt/prod/{apache,mysql,php}
[root@linux-node1 prod]# tree
.
├── apache
├── mysql
└── php
#################################
[root@linux-node1 prod]# cd apache/
[root@linux-node1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-services:
  service.running:
    - name: httpd
    - enable: True

[root@linux-node1 apache]# mkdir files
[root@linux-node1 apache]# cd files/
[root@linux-node1 files]# cp /etc/httpd/conf/httpd.conf .

[root@linux-node1 files]# salt 'linux-node1*' state.sls apache.init saltenv='prod'

linux-node1.localdomain:
----------ID: apache-installFunction: pkg.installedName: httpdResult: TrueComment: All specified packages are already installedStarted: 11:22:05.394917Duration: 1124.351 msChanges:
----------ID: apache-configFunction: file.managedName: /etc/httpd/conf/httpd.confResult: TrueComment: File /etc/httpd/conf/httpd.conf is in the correct stateStarted: 11:22:06.550853Duration: 32.42 msChanges:
----------ID: apache-servicesFunction: service.runningName: httpdResult: TrueComment: The service httpd is already runningStarted: 11:22:06.637945Duration: 115.643 msChanges:   Summary for linux-node1.localdomain
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3
Total run time:   1.272 s

View Code

[root@linux-node1 prod]# cd php/
[root@linux-node1 php]# mkdir files
[root@linux-node1 php]# vim init.sls
php-install:
  pkg.installed:
    - pkgs:
      - php
      - php-pdo
      - php-mysql

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://php/files/php.ini
    - user: root
    - group: root
    - mode: 644

[root@linux-node1 php]# yum -y install php
[root@linux-node1 php]# cp /etc/php.ini files/

#################################

[root@linux-node1 prod]# cd mysql/
[root@linux-node1 mysql]# mkdir files
[root@linux-node1 mysql]# vim init.sls
mysql-install:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-server
mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://mysql/files/my.cnf
    - user: root
    - group: root
    - mode: 644

mysql-service:
  service.running:
    - name: mariadb
    - enable: True
    
[root@linux-node1 prod]# yum -y install mariadb-server
[root@linux-node1 prod]# cp /etc/my.cnf mysql/files/
#################################

[root@linux-node1 prod]# tree
.
├── apache
│   ├── files
│   │   └── httpd.conf
│   └── init.sls
├── mysql
│   ├── files
│   │   └── my.cnf
│   └── init.sls
└── php
    ├── files
    │   └── php.ini
    └── init.sls
[root@linux-node1 files]# salt 'linux-node1*' state.sls apache.init saltenv='prod'
salt -S '192.168.0.2' state.sls php.init saltenv=prod
salt -S '192.168.0.2' state.sls mysql.init saltenv=prod

等价于以下方式：
[root@linux-node1 prod]# vim ../base/top.sls
prod:
  'linux-node1.localdomain':
    - apache.init
    - php.init
    - mysql.init

[root@linux-node1 prod]# salt -S '192.168.0.2' state.highstate

linux-node1.localdomain:
----------ID: apache-installFunction: pkg.installedName: httpdResult: TrueComment: All specified packages are already installedStarted: 12:04:03.354119Duration: 987.978 msChanges:
----------ID: apache-configFunction: file.managedName: /etc/httpd/conf/httpd.confResult: TrueComment: File /etc/httpd/conf/httpd.conf is in the correct stateStarted: 12:04:04.345800Duration: 24.349 msChanges:
----------ID: apache-servicesFunction: service.runningName: httpdResult: TrueComment: The service httpd is already runningStarted: 12:04:04.371095Duration: 59.907 msChanges:
----------ID: php-installFunction: pkg.installedResult: TrueComment: All specified packages are already installedStarted: 12:04:04.431364Duration: 26.57 msChanges:
----------ID: php-configFunction: file.managedName: /etc/php.iniResult: TrueComment: File /etc/php.ini is in the correct stateStarted: 12:04:04.458181Duration: 13.008 msChanges:
----------ID: mysql-installFunction: pkg.installedResult: TrueComment: All specified packages are already installedStarted: 12:04:04.471433Duration: 24.754 msChanges:
----------ID: mysql-configFunction: file.managedName: /etc/my.cnfResult: TrueComment: File /etc/my.cnf is in the correct stateStarted: 12:04:04.496454Duration: 11.538 msChanges:
----------ID: mysql-serviceFunction: service.runningName: mariadbResult: TrueComment: The service mariadb is already runningStarted: 12:04:04.508203Duration: 45.043 msChanges:   Summary for linux-node1.localdomain
------------
Succeeded: 8
Failed:    0
------------
Total states run:     8
Total run time:   1.193 s

View Code

incloude 和 extend 使用
[root@linux-node1 prod]# vim lamp.sls
include:
  - php.init
  - apache.init
  - mysql.init

[root@linux-node1 prod]# vim ../base/top.sls
prod:
  'linux-node1.localdomain':
    - lamp
[root@linux-node1 prod]# salt -S '192.168.0.2' state.highstate

扩展
[root@linux-node1 prod]# vim lamp.sls
include:  #相当于把三个文件夹里的init.sls的内容复制粘贴过来一样
  - php.init
  - apache.init
  - mysql.init

extend:   #相当于在php/init.sls里面的pkg.installed加了一个安装项目
  php-install:
    pkg.installed:
      - name: php-mbstring
[root@linux-node1 prod]# salt -S '192.168.0.2' state.highstate

#################################

require(我依赖谁) 和 require_in（我被谁依赖） 使用

[root@linux-node1 prod]# vim apache/init.sls

apache-install:  #没有ID下面的模块（例如pkg、file、service）不能重复
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpdi.conf  故意改错http.conf  httpdi.conf
    - user: root
    - group: root
    - mode: 644

apache-services:
  service.running:
    - name: httpd
    - enable: True
    - require:   #先会判断 apache-install 和 apache-config是否执行成功  不成功就不执行apache-services
      - pkg: apache-install  #格式： - 模块名: 自己定义的ID
      - file: apache-config

[root@linux-node1 prod]# salt -S '192.168.0.2' state.highstate 先找到 base的top.sls ---> 再执行top.sls里面的lamp.sls   --->最后执行lamp.sls里面的 mysql/init.sls  php/init.sls apache/init.sls

linux-node1.localdomain:
----------ID: php-installFunction: pkg.installedName: php-mbstringResult: TrueComment: All specified packages are already installedStarted: 15:31:45.534122Duration: 992.179 msChanges:
----------ID: php-configFunction: file.managedName: /etc/php.iniResult: TrueComment: File /etc/php.ini is in the correct stateStarted: 15:31:46.529682Duration: 24.317 msChanges:
----------ID: apache-installFunction: pkg.installedName: httpdResult: TrueComment: All specified packages are already installedStarted: 15:31:46.554230Duration: 25.533 msChanges:
----------报错的地方ID: apache-configFunction: file.managedName: /etc/httpd/conf/httpd.confResult: FalseComment: Source file salt://apache/files/httpdi.conf not found in saltenv 'prod'Started: 15:31:46.580005Duration: 5.781 msChanges:
----------报错的地方ID: apache-servicesFunction: service.runningName: httpdResult: FalseComment: One or more requisite failed: apache.init.apache-configStarted: 15:31:46.587421Duration: 0.02 msChanges:
----------ID: mysql-installFunction: pkg.installedResult: TrueComment: All specified packages are already installedStarted: 15:31:46.587521Duration: 24.84 msChanges:
----------ID: mysql-configFunction: file.managedName: /etc/my.cnfResult: TrueComment: File /etc/my.cnf is in the correct stateStarted: 15:31:46.612602Duration: 11.833 msChanges:
----------ID: mysql-serviceFunction: service.runningName: mariadbResult: TrueComment: The service mariadb is already runningStarted: 15:31:46.624651Duration: 59.244 msChanges:   Summary for linux-node1.localdomain
------------
Succeeded: 6
Failed:    2
------------
Total states run:     8
Total run time:   1.144 s

View Code

 require_in（我被谁依赖） 演示

[root@linux-node1 prod]# vim apache/init.sls

跟require效果差不多

watch 和 watch_in 的使用（不是什么模块都可以使用 service有）

[root@linux-node1 prod]# vim apache/init.sls
看着（watch）  修改http.conf 文件的内容 就执行重启

[root@linux-node1 prod]# vim apache/init.sls
加了一行 reload: True
看着（watch）  修改http.conf 文件的内容 就执行重新加载

[root@linux-node1 prod]# vim apache/init.sls
看着（watch in）  修改http.conf 文件的内容 就执行重新加载

unless用法
[root@linux-node1 ~]# cd /var/www/html/
[root@linux-node1 html]# mkdir admin
[root@linux-node1 admin]# vim index.html
[root@linux-node1 salt]# cd /srv/salt/prod/apache/files/
[root@linux-node1 files]# vim httpd.conf
<Directory /var/www/html/admin>
    AllowOverride All
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "welcome"
    AuthUserFile /etc/httpd/conf/htpasswd_file
    Require user admin
</Directory>

[root@linux-node1 files]# whereis htpasswd
htpasswd: /usr/bin/htpasswd /usr/share/man/man1/htpasswd.1.gz
[root@linux-node1 files]# rpm -qf /usr/bin/htpasswd
httpd-tools-2.4.6-88.el7.centos.x86_64

[root@linux-node1 files]# cd ..
[root@linux-node1 apache]# vim init.sls 增加一个
apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file  # 如果条件为假 才执行 htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin

[root@linux-node1 ~]# salt -S '192.168.0.2' state.highstate
http://192.168.0.2/admin

jinja模板用法
[root@linux-node1 ~]# vim /srv/salt/prod/apache/init.sls #加上jinja模板
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
      PORT: 80
      IPADDR: {{ grains['fqdn_ip4'][0] }} #输出的是一个列表

[root@linux-node1 ~]# vim /srv/salt/prod/apache/files/httpd.conf
#Listen 12.34.56.78:80
Listen {{ IPADDR }}:{{ PORT }}

#

[root@linux-node1 ~]# vim /srv/salt/base/top.sls
#base:
#  'os:ubuntu':
#    - match: grain
#    - web.apache
prod:
  'linux-node*.localdomain':
    - lamp
~

[root@linux-node1 ~]# salt '*' state.highstate