## saltstack 学习记录
配置文件
$ cat /etc/salt/master.d/10-master.conf
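# Salt master core settings (/etc/salt/master.d/10-master.conf), one key per
# line. The master runs as root and binds to the loopback address only.
user: root
interface: 127.0.0.1
ipv6: False
worker_threads: 10
hash_type: sha256
# NOTE(review): at debug level the master log file receives rendered state
# files, including any pillar secrets templated into them. Keep the log file
# readable by root only, or lower this level outside of troubleshooting.
log_level_logfile: debug
log_level: info
default_top: base
cli_summary: false
state_output: changes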
$ cat /etc/salt/master.d/20-git.off
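# Serve state files from git.
fileserver_backend:
  - git

# NOTE(review): the disabled remote below embeds the account password in the
# URL and uses plain HTTP, so the credential is readable by anyone who can read
# this file (or a published copy of it). If it is a real credential, rotate it,
# and supply it through gitfs_user / gitfs_password over HTTPS or use an SSH
# remote with a deploy key instead of putting it in the URL.
#gitfs_remotes:
#  - http://salt-master:r60JgZsSqR0FvXjowL8c@127.0.2.1:80/saltstack/state.git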
$ cat /etc/salt/master.d/30-file.conf
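# The "dev" environment is served from a local directory.
# NOTE(review): the directory sits in a user's home; whoever can write to it
# decides what the minions execute, so restrict write access accordingly.
file_roots:
  dev:
    - /home/jony/salt_gitlab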
cat /etc/salt/master.d/40-mongo.conf
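# MongoDB connection shared by the mongo master_tops and ext_pillar modules.
mongo.db: vortex
mongo.host: 127.0.0.1
mongo.user: mongodb_salt
# Quoted so YAML keeps the value a string instead of the integer 123456.
# NOTE(review): example value only. This database holds the top data and the
# pillar, so use a strong unique password and keep this file readable by the
# master's own account alone.
mongo.password: '123456'
mongo.indexes: true

# Top-file data: one document per minion in collection salt_top.
master_tops:
  mongo: {id_field: minion_id, collection: salt_top}

# Pillar data: one document per minion in collection salt_pillar.
ext_pillar:
  - mongo: {id_field: minion_id, collection: salt_pillar}

### saltstack 用法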
> 如果刷新不出数据,或者出现一些莫名其妙的问题,可以killall -9 杀掉重启试试
$ salt '*' saltutil.pillar_refresh    #刷新pillar数据
$ salt '*' pillar.items    #获取pillar数据
$ salt '*' pillar.data    #获取pillar数据
$ salt 'ubuntu' pillar.items application:mysql-databases:grants:from
ubuntu:
    ----------
    application:mysql-databases:grants:from:
        %
$ salt '*' grains.items    #获取grains 数据
$ salt '*' grains.ls
$ salt 'ubuntu' grains.item ip_interfaces:eth0
ubuntu:
    ----------
    ip_interfaces:eth0:
        - 192.168.100.130
        - fe80::20c:29ff:fea9:c4f4
$ salt 'ubuntu' sys.doc    #获取帮助信息
## mongodb 部署
#### 目录结构
$ tree subsystem/mongo
mongo
├── client
│   ├── init.sls
│   └── mongo-client-install.sls
├── init.sls
└── server
    ├── init.sls
    ├── mongo-3.4.pub
    ├── mongodb-install.sls
    ├── mongodb-reconfigure.sls
    └── mongod_conf.jinja
#### sls文件编写
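$ cat init.sls
# Entry point of the mongo subsystem: pulls in the server and client states.
include:
  - .server
  - .client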
$ cat server/init.sls #初始化模板,这样写易于扩展
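{# Select the server state from the pillar status: 'installed' only keeps the
   config file in sync, 'pre-install' performs the full installation. Any
   other status includes nothing. #}
{% if 'mongo-server' in pillar['subsystem'] and pillar['subsystem']['mongo-server']['status'] == 'installed' %}
include:
  - .mongodb-reconfigure
{% elif 'mongo-server' in pillar['subsystem'] and pillar['subsystem']['mongo-server']['status'] == 'pre-install' %}
include:
  - .mongodb-install
{% endif %}
$ cat server/mongodb-install.sls  #安装sls文件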
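{% set config = pillar['subsystem']['mongo-server'] %}

# Add the MongoDB 3.4 apt repository, install the server packages and create
# the data directory.
subsystem.mongo.server.deploy:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path follows the tree listing above (subsystem/mongo/server/mongo-3.4.pub);
    # the original pointed at subsystem/mongodb/, which is not in that tree.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org
    # The mirror is fetched over plain HTTP, so the repository signature is the
    # only integrity check on these packages. Verification stays on; the
    # original disabled it with skip_verify: True, which made the imported key
    # pointless.
    - skip_verify: False
    - skip_suggestions: True
  file.directory:
    - name: /data/mongodata
    - user: mongodb
    - group: mongodb
    - makedirs: True

# Render /etc/mongod.conf from pillar and restart mongod whenever it changes.
subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    - defaults:
        config: {{ pillar['subsystem']['mongo-server'] | json() }}
  service.running:
    - name: mongod
    - enable: True
    - restart: True
    - watch:
      - file: /etc/mongod.conf

# Create the initial root account. This state is only included while the pillar
# status is 'pre-install', i.e. before the config template enables
# authorization.
subsystem.mongo.server.root:
  cmd.run:
    - cwd: /root
    # NOTE(review): the password is part of the command line, so it is visible
    # in the process list while the command runs and in the state's name as
    # reported in job results. output_loglevel: quiet keeps the command and its
    # output out of the minion log.
    - name: mongo admin --eval "db.createUser({user:'mongodbadmin', pwd:'{{ config['install_password'] }}', roles:['root']})"
    - output_loglevel: quiet
    - unless: echo 'show users' | mongo admin | grep -qE '.*_id.*admin.mongodbadmin'
    - require:
      - service: mongod
$ cat server/mongod_conf.jinja  #配置文件jinja模板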
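# mongod.conf template; `config` is the mongo-server pillar dict handed in by
# the file.managed state.
{% set auth_on = 'status' in config and config['status'] == 'installed' %}
storage:
  dbPath: /data/mongodata
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodata/mongod.log
net:
  port: {{ config['listen-port'] if 'listen-port' in config else '27017' }}
  # Until authorization is switched on, accept local connections only, so the
  # unauthenticated bootstrap phase is never reachable from the network. The
  # configured listen-ip takes effect once the status is 'installed'.
  bindIp: {{ config['listen-ip'] if auth_on and 'listen-ip' in config else '127.0.0.1' }}
{% if auth_on %}
security:
  authorization: enabled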
{% endif %}$ cat server/mongo-3.4.pub #apt安装所需要的mongo公钥 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux) mQINBFaUNhsBEACkTlpL9xCrlirl77tahFzzd9ccTc5wP+M3oob18GIaMYKicjbR h6J6ytCiXCkl65zYKvQdLkt8qlkBVc5DxGeJvD41IY3NzGPz+BZ9pFFBndAE+JEP ng0ULLxzUDmWXIoukdHqf92BSizTFd2A8v+YGuwOkNBdPi/BHkwiViAaAKDZm/4k 9LZeOF0v7gZF89QD75NrSCKo5SGFRb8Cxi4KR4cS/jPuQVjd+B9fWkc74BUWE91t 3R87Uypd+1qnmoN6cOssLZ4s8n/cyOCkVphGmk1tDDhbEsI4knOqtPXaBHiC4lVI ghpTHEDUuDfbQ7scySae8/YItTC/vVGngiJmZSfZU5AvVspe6rfkHQHqZs3gYMqj XPl7acviEAZ7OiMp9diq6Kgp+xLRvRGL+jtUjLkP5O4gJlnxCm7YWrYfYA/vHULD MyIGSBzuESGxL+Ygz+Dc0Aim9NPM5KhpV5FoAXNt50cn6n1adIwbUciRY0zBXKAI Vj6D+j3e0ozsO+GGEpmQFAIo1h7CEn8VV61WaLz2F60LKR8d/DEMZ7SY8uznbzkm TJCeCp/pTnPeGwkyJmJ78LAaKw2tSCeEAfRlnzPeQeanOnEX/wnAjHHAHewvGgQe GW1QkEdy8zNmfODDf9wqknBShaFRHAOAQFEgBAkYHuT4SgHqW8TVDtF3CQARAQAB tDdNb25nb0RCIDMuNCBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u Z29kYi5jb20+iQI+BBMBAgAoBQJWlDYbAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsE FgIDAQIeAQIXgAAKCRC8cR+boVcDxmtEEACSjnZcwcozGYS/8peH2P8yPxD2mXVQ AJ8Pss+YBo8hpRaiA7BEY+FFthbSYEX8XRR/Bg9HjDk9CNXc221I0WcTRv3Sb718 QutRd4ppdGtusgTHjUdYNDzctExU90vtJRvwI2oiz2YA8dM7mtTzUFpR4IQGopB4 PmjEls6hkebTjjSaO9UmcLyip+S+rTZ9c8UQvBH7rNoe4QacmGi/l/uUo/q4J7nE jtjpsemUK7LWY7YtB21F/hH3OrQkgQAoVv2q2xSaiLJeWsr33jgd4o4/d3QN1t/P GkNIOEBdO/hM8uOj+hGD+tDphHzd9jGjALqV6lC2k9zNXyAFnTUwp0NL74hODv6z daihKu4fTRU7S0eYSGc2sQDPiiQF5YkxAHqADnPmR2ZpBVVtbUNB31BDOYjTzRwq tkLKRCgI29Kgut0Uhvq+/Hx+0485ndgzcqeaLhslUagZy1bXN3sDW4QYN2tPvP+P 2JDtGydsYGZCWA0FBRFdsSbruBSK/BkEpGhq97bE9vclfVchb989A47lgErusw5C xtLxUGPmVc2dYmHJLUkgHszdcTLHwy8/arYMehG7RVzAEG55AueLsc9B0vSI0E6r lvalHgoCttCynEzM4Ol1rcG9XtlCyKk4AeimYLE/cxlckDoIVVwrFXrRrhB41Asw rP4l4xtk+nWHpg== =F42J -----END PGP PUBLIC KEY BLOCK-----
$ cat server/mongodb-reconfigure.sls #如果配置文件有变,就重启
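# Keep /etc/mongod.conf in sync with pillar; the watch requisite restarts
# mongod when the rendered file changes.
subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    - defaults:
        config: {{ pillar['subsystem']['mongo-server'] | json() }}
  service.running:
    - name: mongod
    - enable: True
    - restart: True
    - watch:
      - file: /etc/mongod.conf
$ cat client/init.sls  #client客户端安装,易于扩展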
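{# Include the client installation only while the pillar status is
   'pre-install'. #}
{% if 'mongo-client' in pillar['subsystem'] and pillar['subsystem']['mongo-client']['status'] == 'pre-install' %}
include:
  - .mongo-client-install
{% endif %}
$ cat client/mongo-client-install.sls  #客户端安装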
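# Add the MongoDB 3.4 apt repository and install the mongo shell only.
Add apt-repo of mongodb-org on {{ grains['id'] }}:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path follows the subsystem/mongo tree listing (server/mongo-3.4.pub); the
    # original pointed at subsystem/mongodb/, which is not in that tree.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org-shell
    # The mirror is fetched over plain HTTP, so the repository signature is the
    # only integrity check on the package; verification stays on (the original
    # had skip_verify: True).
    - skip_verify: False
    - skip_suggestions: True

## mongodb增删创建库与用户
#### 目录结构
$ tree application/mongo
mongo
├── init.sls
├── mongo_create.sh
├── mongo_drop.sh
├── mongo_user_create.sh
└── mongo_user_drop.sh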
#### sls 文件编写
$ cat mongo/init.sls
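{# Drive the helper scripts from pillar['application']['mongodb-instances']:
   every database is created or dropped, then each of its users likewise.
   Values are emitted through the json filter so that passwords or names
   containing YAML-special characters cannot change the structure of the
   rendered state. cmd.script takes the template context under `defaults`
   (the original listing had `default`). #}
{# NOTE(review): this guard reads the pillar key 'mongodb-client', while
   client/init.sls reads 'mongo-client'; confirm which key the pillar defines. #}
{# NOTE(review): the admin credentials come from pillar and are rendered into
   the scripts; target that pillar data only at the minions that need it. #}
{% if 'mongodb-client' in pillar['subsystem'] and pillar['subsystem']['mongodb-client']['status'] == 'installed' %}
{% for mongo in pillar['application']['mongodb-instances'] %}
{% set host = mongo['ip'] if 'ip' in mongo else '127.0.0.1' %}
{% set port = mongo['port'] if 'port' in mongo else '27017' %}
{% for db in mongo['dbs'] %}
{% if 'delete' in db and db['delete'] %}
Drop mongo database {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        dbname: {{ db['dbname'] | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
{% else %}
Create mongo database {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        dbname: {{ db['dbname'] | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
{% if 'users' in db %}
{% for user in db['users'] %}
{% if 'delete' in user and user['delete'] %}
Drop user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        username: {{ user['username'] | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
        dbname: {{ db['dbname'] | json }}
{% else %}
Create user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - defaults:
        username: {{ user['username'] | json }}
        mongo_password: {{ user['password'] | json }}
        {# Parenthesised so the json filter covers both branches; in the
           original it applied to the ['read'] fallback only. #}
        privileges: {{ (user['privileges'] if 'privileges' in user else ['read']) | json }}
        adminuser: {{ mongo['adminuser'] | json }}
        adminpasswd: {{ mongo['adminpasswd'] | json }}
        host: {{ host | json }}
        port: {{ port | json }}
        dbname: {{ db['dbname'] | json }}
{% endif %}{# 'delete' in user #}
{% endfor %}{# user in db['users'] #}
{% endif %}{# 'users' in db #}
{% endif %}{# 'delete' in db #}
{% endfor %}{# db in mongo['dbs'] #}
{% endfor %}{# mongo in mongodb-instances #}
{% endif %}{# mongodb-client installed #}
#### 创建db脚本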
$ cat mongo/mongo_create.sh
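#!/usr/bin/env bash
#_author=jony
# Salt "stateful" script (Jinja template): create database {{ dbname }} unless
# it already exists. The last line printed is the changed=/comment= status.
# NOTE(review): the admin password is rendered into this script and handed to
# mongo as a command-line argument. Pillar values containing quotes, $ or
# backticks would break the shell quoting below, so keep them out of the pillar.

# Connection arguments shared by every mongo call.
mongo_args=(--host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin)

# Check whether the database exists. The first column of `show dbs` is compared
# as a whole name, so "game" no longer matches "game2" or a banner line.
info=$(echo 'show dbs' | mongo "${mongo_args[@]}")
if printf '%s\n' "${info}" | awk '{print $1}' | grep -qxF -- "{{ dbname }}"; then
    echo "changed=false comment='db {{ dbname }} is already present'"
    exit 0
elif [[ "${1:-}" == "test" ]]; then
    # Test mode: the database is missing, report it without creating anything.
    echo "changed=false comment='db {{ dbname }} would be created' test=True"
    exit 0
fi

# Create the database by inserting one marker document into it.
info=$(mongo "${mongo_args[@]}" "{{ dbname }}" --eval "db.iteminfo.insert({dbinfo:'mongo for game'})")
if echo "${info}" | grep -qE "nInserted"; then
    echo "changed=true comment='Create mongodb {{ dbname }} on {{ host }} Success!'"
    exit 0
else
    echo "changed=false comment='Create mongodb {{ dbname }} on {{ host }} Failed!'"
    exit 1
fi
#### 删除db脚本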
$ cat mongo/mongo_drop.sh
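#!/usr/bin/env bash
#_author=jony
# Salt "stateful" script (Jinja template): drop database {{ dbname }} if it
# exists. The last line printed is the changed=/comment= status.
# NOTE(review): the admin password is rendered into this script and handed to
# mongo as a command-line argument. Pillar values containing quotes, $ or
# backticks would break the shell quoting below, so keep them out of the pillar.

# Connection arguments shared by every mongo call.
mongo_args=(--host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin)

# Check whether the database exists, comparing the first column of `show dbs`
# as a whole name so a similarly named database is never mistaken for it.
info=$(echo 'show dbs;' | mongo "${mongo_args[@]}")
if ! printf '%s\n' "${info}" | awk '{print $1}' | grep -qxF -- "{{ dbname }}"; then
    echo "changed=false comment='db {{ dbname }} is absent'"
    exit 0
elif [[ "${1:-}" == "test" ]]; then
    # Test mode: the database exists, report it without dropping anything.
    echo "changed=false comment='db {{ dbname }} would be dropped' test=True"
    exit 0
fi

# Drop the database.
info=$(mongo "${mongo_args[@]}" "{{ dbname }}" --eval "db.dropDatabase()")
# Join the reply into one line before matching, as the original unquoted echo did.
if printf '%s' "${info}" | tr '\n' ' ' | grep -qE ".*dropped.*ok.*1"; then
    echo "changed=true comment='Drop mongodb {{ dbname }} on {{ host }} Success!'"
    exit 0
else
    echo "changed=false comment='Drop mongodb {{ dbname }} on {{ host }} Failed!'"
    exit 1
fi
#### 创建用户并授权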
$ cat mongo/mongo_user_create.sh
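#!/usr/bin/env bash
#_author=jony
# Salt "stateful" script (Jinja template): make sure user {{ username }} exists
# on database {{ dbname }} with the roles listed in `privileges`. The last line
# printed is the changed=/comment= status.
# NOTE(review): the admin password and the new user's password are rendered
# into this script and handed to mongo as command-line arguments. Pillar values
# containing quotes, $ or backticks would break the quoting below.

# Connection arguments shared by every mongo call (target database last).
mongo_args=(--host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}")

msg=$(mongo "${mongo_args[@]}" --eval "db.getUsers()")
_action=create

# Does the user already exist?
if printf '%s\n' "${msg}" | grep -qF -- '"_id" : "{{ dbname }}.{{ username }}"'; then
    # Compare the roles reported by the server with the roles requested in
    # pillar. Both sides are the role names concatenated in order, so a
    # reordered list counts as a change.
    _priv=$(mongo "${mongo_args[@]}" --eval "db.getUser('{{ username }}')" | awk -F':' '/"role"/{print $2}' | tr -d '\n ",')
    _cpriv='{{ privileges | join('') }}'
    if [[ "${_priv}" == "${_cpriv}" ]]; then
        echo "changed=false comment='{{ dbname }}.{{ username }} with roles is already present'"
        exit 0
    fi
    _action=update
fi

# Test mode: report the pending action and stop before touching the server.
# The original only honoured test mode for a missing user and still applied
# role changes.
if [[ "${1:-}" == "test" ]]; then
    echo "changed=false comment='{{ dbname }}.{{ username }} would be ${_action}d' test=True"
    exit 0
fi

if [[ "${_action}" == "create" ]]; then
    # Create the user. The roles are joined into a JavaScript array the same
    # way as in the update branch; the original passed the whole list as one
    # quoted string.
    msg=$(mongo "${mongo_args[@]}" --eval 'db.createUser({user:"{{ username }}",pwd:"{{ mongo_password }}",roles:[ "{{ privileges | join('","') }}" ]})')
    if echo "${msg}" | grep -qE "Successfully added"; then
        echo "changed=true comment='Create {{ dbname }}.{{ username }} Success!'"
        exit 0
    else
        echo "changed=false comment='Create {{ dbname }}.{{ username }} Failed!'"
        exit 1
    fi
else
    # Replace the user's roles with the requested list.
    if msg=$(mongo "${mongo_args[@]}" --eval 'db.updateUser("{{ username }}",{roles:[ "{{ privileges | join('","') }}" ]})'); then
        echo "changed=true comment='Change privileges Success! ${_priv} -> ${_cpriv}'"
        exit 0
    else
        echo "changed=false comment='Change privileges Failed!'"
        exit 1
    fi
fi
#### 删除用户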
$ cat mongo/mongo_user_drop.sh
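#!/usr/bin/env bash
#_author=jony
# Salt "stateful" script (Jinja template): drop user {{ username }} from
# database {{ dbname }} if it exists. The last line printed is the
# changed=/comment= status.
# NOTE(review): the admin password is rendered into this script and handed to
# mongo as a command-line argument. Pillar values containing quotes, $ or
# backticks would break the shell quoting below, so keep them out of the pillar.

# Connection arguments shared by every mongo call (target database last).
mongo_args=(--host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}")

# Check whether the user exists, matching the full "_id" value so that a user
# whose name merely contains this one is not mistaken for it.
info=$(mongo "${mongo_args[@]}" --eval "db.getUsers()")
if ! printf '%s\n' "${info}" | grep -qF -- '"_id" : "{{ dbname }}.{{ username }}"'; then
    echo "changed=false comment='{{ dbname }}.{{ username }} is absent'"
    exit 0
elif [[ "${1:-}" == "test" ]]; then
    # Test mode: the user exists, report it without dropping anything.
    echo "changed=false comment='{{ dbname }}.{{ username }} would be dropped' test=True"
    exit 0
fi

# Drop the user.
info=$(mongo "${mongo_args[@]}" --eval "db.dropUser('{{ username }}')")
if echo "${info}" | grep -qE "true"; then
    echo "changed=true comment='Drop {{ dbname }}.{{ username }} Success!'"
    exit 0
else
    echo "changed=false comment='Drop {{ dbname }}.{{ username }} Failed!'"
    exit 1
fi
本文出自 “孜孜不倦的学习着...” 博客,谢绝转载!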
saltstack 配置mongodb作为后台存储pillar,自动化安装mongodb,创建mongodb用户
原文:http://jonyisme.blog.51cto.com/3690784/1951782