Saltstack state state file configuration instance

Brief introduction

What is? state modular ？

• Remote execution is salt At the heart of .
• Administrators can execute modules remotely by executing , Reach the right minion The control of （ Such as cmd.run “yum install -y httpd”）. But for the minion Environmental or state control , That is, you want minion What kind of state have you reached , use state Modules are more convenient . Just describe what you want salt minion What state can be reached , The executive part consists of state Module to complete .

Remote execution &&State modular :

• difference ： The execution module is procedural , Successive calls will execute the same logic and instructions ; The status module is descriptive , They just do the necessary work , stay minion The specified state is reached according to the description file .
• be-all state Modules will follow this principle , The function is performed only when it is detected that the real state is different from the desired state . This can be done by judgment minion Enter the specified state with minimum cost .

State The configuration file (sls)

SLS Configuration file usage YAML Language description .Salt default sls Of documents renderer yes YAML renderer, Its job is to YAML The structure of the data format is compiled into Python Data structure to Salt Use .

Three important rules ：

• Indent ： Use two spaces , Do not use tab key .
• The colon ： And Python The mapping of is as follows ：

## YAML
my_key: my_value
## python
{'my_key': 'my_value'}

## YAML
my_key1: my_key2：my_value
## python
{'my_key': {
    'my_key2': 'my_value'
    
    }
    
}


     

      
1.
      
2.
      
3.
      
4.
      
5.
      
6.
      
7.
      
8.
      
9.
      
10.
      
11.
      
12.
      
13.
      
14.
      
15.
     

• The short bar ： Use a short bar and a space to represent the list item （Python List in []）

keys:
  - value1
  - value2
  - value3
##  It maps to Python：
{'key':['value1','value2','value3']


     

      
1.
      
2.
      
3.
      
4.
      
5.
      
6.
      
7.
     

State File format :

<ID Declaration>:
  <State Module>.<Function>:
    - name: <name>
    - <Function Arg>
    - <Function Arg>
    - <Function Arg>
    - <Requisite Declaration>:
      - <Requisite Reference>

##  The following is a list of ways to write ：

<ID Declaration>:
  <State Module>.<Function>:
    - <Function Arg>
    - <Function Arg>
    - <Function Arg>
    - <Names>:
      - <name>
      - <name>
      - <name>
    - <Requisite Declaration>:
      - <Requisite Reference>
      - <Requisite Reference>


     

      
1.
      
2.
      
3.
      
4.
      
5.
      
6.
      
7.
      
8.
      
9.
      
10.
      
11.
      
12.
      
13.
      
14.
      
15.
      
16.
      
17.
      
18.
      
19.
      
20.
      
21.
      
22.
      
23.
      
24.
     

State sls In profile ：

• <ID Declaration> Must be unique and effective Python character string , Self defined .
• <State Module>.<Function> The same format as the remote execution command , However, the specific supported modules and functions are different from those executed remotely , Can be passed separately sys.list_state_modules、sys.list_state_functions see , The remote counterpart is sys.list_modules、sys.list_functions.
• Finally, the function parameters , The first function argument is usually name, Then there are the other parameters required for the State . Please refer to sys.state_doc.

Practical cases

• To configure windows A firewall

conf-firewall.sls

configure-firewall:
  win_firewall.disabled:
    - name: allprofiles


     

      
1.
      
2.
      
3.
      
4.
     

Practice effect :

Before execution , Private network and public network firewalls are on ;state After execution , Become closed .

• management windows service

conf-services.sls

# Enable startup and self startup 
enable-boot-services:
  service.enabled:
   - name: w32Time
# Disable power on auto start 
#disable-boot-services:
#  service.disabled:
#    - name: w32Time 
# Qifu 
#start-services:
#  service.running:
#    - names:
#      - w32Time
#      - wuauserv
# Stop taking    
stop-services:
  service.dead:
    - names:
      - w32Time
      - wuauserv
 


     

      
1.
      
2.
      
3.
      
4.
      
5.
      
6.
      
7.
      
8.
      
9.
      
10.
      
11.
      
12.
      
13.
      
14.
      
15.
      
16.
      
17.
      
18.
      
19.
      
20.
      
21.
      
22.
     

Practice effect :

Before execution :

After execution : Both services are stopped , And w32Time It is set to start automatically .

• perform ps Script 【 Take server blocking as an example 】

conf-gateway.sls

clear-gateway:
  cmd.script:
    - name: set_netroute.ps1
    - source: salt://scripts/Deny_Server_Access_InterNet/set_netroute.ps1
    - shell: powershell


     

      
1.
      
2.
      
3.
      
4.
      
5.
      
6.
     

Before execution ：

After execution : The default gateway is deleted .

• Enable RDP Remote desktop

conf-rdp.sls

configure-rdp:
  rdp.enabled


     

      
1.
      
2.
      
3.
     

Practice effect :