SaltStack and automated operations
orchestration with salt
salt-cloud
/etc/salt/cloud.providers configures the cloud providers, for example EC2, DigitalOcean and Rackspace.
/etc/salt/cloud.profiles configures instance types and their related settings:
- When the master itself runs on EC2 and talks to EC2 instances, it is better to set
    ssh_interface: private_ips
- Use block_device_mappings to configure storage:
    block_device_mappings:
      - DeviceName: /dev/sdb
        VirtualName: ephemeral0
      - DeviceName: /dev/sdc
        VirtualName: ephemeral1
      - DeviceName: /dev/sda
        Ebs.VolumeSize: 100
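- rename changes both the tag and the Salt key:
    salt-cloud -a rename mymachine newname=yourmachine
- rename_on_destroy:
  After EC2 terminates an instance, it takes some time before the instance is completely removed. To avoid Name tag conflicts, use
    my-ec2-config:
      rename_on_destroy: True
- List all instances under a provider:
  Add the owner parameter to the provider configuration
    owner: aws-marketplace
  then run the shell command:
    salt-cloud -f avail_images my-ec2-config owner=aws-marketplace
  This keeps salt-cloud from hanging (appearing frozen) when there are too many instances.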
BEST WAY TO RESTART A SALT DAEMON USING SALT? (Upgrade)
    salt-minion:
      pkg:
        - installed
        - version: 2014.1.7-3.el6
        - order: last
      service:
        - running
        - require:
          - pkg: salt-minion
      cmd:
        - wait
        - name: echo service salt-minion restart | at now + 1 minute
        - watch:
          - pkg: salt-minion
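NOTE:
__salt__, __grains__, __pillar__, __opts__, __env__, __sls__: the first three correspond to salt, grains and pillar in Jinja; __opts__ is the dictionary holding the minion's configuration file; __env__ is the environment, e.g. base; __sls__ is the name of the SLS file.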
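Using the Salt reactor and highstate for initial system deployment
Add the following to /etc/salt/master.d/reactor.conf:
    reactor:
      - 'salt/auth':
        - /srv/reactor/auth-complete.sls
This captures the authentication event.
/srv/reactor/auth-complete.sls:
    highstate_run:
      cmd.state.highstate:
        - tgt: {{ data['id'] }}
This automatically runs some initialization once authentication has completed.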
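The reactor above reacts to every salt/auth event, which the master also fires for pending and rejected keys and for each later re-authentication of a minion. The following guarded variant of /srv/reactor/auth-complete.sls is an added example, not part of the original notes; the `web-` ID prefix is a hypothetical naming convention used as an allowlist.

```yaml
# /srv/reactor/auth-complete.sls (added example; the 'web-' prefix is an assumption)
# salt/auth event data carries: id, act (accept | pend | reject), result, pub.
# The minion ID in a pending request is chosen by the requester, so act only
# when the master reports the key as accepted and the ID matches the expected
# naming scheme.
{% set minion_id = data.get('id', '') %}
{% if data.get('act') == 'accept' and data.get('result') and minion_id.startswith('web-') %}
highstate_run:
  cmd.state.highstate:
    - tgt: {{ minion_id }}
{% endif %}
# For any other event the file renders to nothing and no job is published.
```

Because an accepted minion re-sends salt/auth whenever it reconnects, this still re-runs highstate on each reconnect; the states it applies should be idempotent.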