80327065 2020-03-09
Reference: the official SaltStack documentation
ON THE SALT MASTER
Run these commands on the system that you want to use as the central management point.
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M
Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.
ON EACH SALT MINION
Run these commands on each system that you want to manage using Salt.
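curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P
The servers used in this hands-on setup are as follows:
master 192.168.0.120 centos120
node1 192.168.0.121 centos121
node2 192.168.0.122 centos122
On all three servers SELinux and firewalld are disabled and /etc/hosts is configured, so the hosts can reach each other by hostname and can reach the internet; these simple steps are not shown here.
1. Start the installation
On the master: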
[ ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 283k 100 283k 0 0 51683 0 0:00:05 0:00:05 --:--:-- 70732
[ ~]# ll install_salt.sh
-rw-r--r-- 1 root root 290571 Mar 8 13:09 install_salt.sh
[ ~]#
[ ~]# sh install_salt.sh -P -M
* INFO: Running version: 2020.02.24
* INFO: Executed by: sh
* INFO: Command line: 'install_salt.sh -P -M'
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 3.10.0-957.el7.x86_64
* INFO: Distribution: CentOS 7.6
* INFO: Installing minion
* INFO: Installing master
* INFO: Found function install_centos_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_centos_stable
* INFO: Found function install_centos_stable_post
* INFO: Found function install_centos_restart_daemons
* INFO: Found function daemons_running
* INFO: Found function install_centos_check_services
* INFO: Running install_centos_stable_deps()
.......
Installed:
salt-master.noarch 0:3000-1.el7 salt-minion.noarch 0:3000-1.el7
Dependency Installed:
libsodium.x86_64 0:1.0.18-1.el7
libtomcrypt.x86_64 0:1.17-26.el7
libtommath.x86_64 0:0.42.0-6.el7
openpgm.x86_64 0:5.2.122-2.el7
python-babel.noarch 0:0.9.6-8.el7
python-backports_abc.noarch 0:0.5-11.el7
python-jinja2.noarch 0:2.7.2-4.el7
python-markupsafe.x86_64 0:0.11-10.el7
python-requests.noarch 0:2.6.0-8.el7_7
python-singledispatch.noarch 0:3.4.0.3-16.el7
python-six.noarch 0:1.9.0-2.el7
python-urllib3.noarch 0:1.10.2-7.el7
python-zmq.x86_64 0:15.3.0-3.el7
python2-crypto.x86_64 0:2.6.1-16.el7
python2-futures.noarch 0:3.1.1-5.el7
python2-msgpack.x86_64 0:0.6.2-2.el7
python2-psutil.x86_64 0:5.6.7-1.el7
salt.noarch 0:3000-1.el7
systemd-python.x86_64 0:219-67.el7_7.3
zeromq.x86_64 0:4.1.4-7.el7
Dependency Updated:
python-setuptools.noarch 0:36.6.0-2.ius.el7
systemd.x86_64 0:219-67.el7_7.3
systemd-libs.x86_64 0:219-67.el7_7.3
systemd-sysv.x86_64 0:219-67.el7_7.3
Complete!
* INFO: Running install_centos_stable_post()
* INFO: Running install_centos_check_services()
* INFO: Running install_centos_restart_daemons()
* INFO: Running daemons_running()
* INFO: Salt installed!
[ ~]#
The output above shows which packages were installed. At this point the master, that is, the management node, has been installed successfully.
[ ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
[ ~]# ll install_salt.sh
-rw-r--r-- 1 root root 290571 Mar 8 13:13 install_salt.sh
[ ~]#
[ ~]# sh install_salt.sh -P
* INFO: Running version: 2020.02.24
* INFO: Executed by: sh
* INFO: Command line: 'install_salt.sh -P'
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 3.10.0-957.el7.x86_64
* INFO: Distribution: CentOS 7.6
* INFO: Installing minion
* INFO: Found function install_centos_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_centos_stable
* INFO: Found function install_centos_stable_post
* INFO: Found function install_centos_restart_daemons
* INFO: Found function daemons_running
* INFO: Found function install_centos_check_services
* INFO: Running install_centos_stable_deps()
.............
Installed:
salt-minion.noarch 0:3000-1.el7
Dependency Installed:
libsodium.x86_64 0:1.0.18-1.el7
libtomcrypt.x86_64 0:1.17-26.el7
libtommath.x86_64 0:0.42.0-6.el7
openpgm.x86_64 0:5.2.122-2.el7
python-babel.noarch 0:0.9.6-8.el7
python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7
python-backports_abc.noarch 0:0.5-11.el7
python-ipaddress.noarch 0:1.0.16-2.el7
python-jinja2.noarch 0:2.7.2-4.el7
python-markupsafe.x86_64 0:0.11-10.el7
python-requests.noarch 0:2.6.0-8.el7_7
python-setuptools.noarch 0:36.6.0-2.ius.el7
python-singledispatch.noarch 0:3.4.0.3-16.el7
python-six.noarch 0:1.9.0-2.el7
python-urllib3.noarch 0:1.10.2-7.el7
python-zmq.x86_64 0:15.3.0-3.el7
python2-crypto.x86_64 0:2.6.1-16.el7
python2-futures.noarch 0:3.1.1-5.el7
python2-msgpack.x86_64 0:0.6.2-2.el7
python2-psutil.x86_64 0:5.6.7-1.el7
salt.noarch 0:3000-1.el7
systemd-python.x86_64 0:219-67.el7_7.3
zeromq.x86_64 0:4.1.4-7.el7
Dependency Updated:
systemd.x86_64 0:219-67.el7_7.3
systemd-libs.x86_64 0:219-67.el7_7.3
systemd-sysv.x86_64 0:219-67.el7_7.3
Complete!
* INFO: Running install_centos_stable_post()
* INFO: Running install_centos_check_services()
* INFO: Running install_centos_restart_daemons()
* INFO: Running daemons_running()
* INFO: Salt installed!
[ ~]#
Do the same on the centos122 minion node. At this point the minion installation is complete.
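Both installs above download the bootstrap script and run it as root without checking its integrity. The wrapper below is an added example, not part of the original post or of the Salt project: it runs a script only when its SHA-256 matches a digest pinned from a source you trust. The helper name run_pinned and the stand-in script in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate "sh install_salt.sh ..." on a pinned SHA-256 digest.
# run_pinned is a hypothetical helper name, not a Salt or bootstrap command.
#
# Intended use on the master (digest is a placeholder you must supply):
#   run_pinned install_salt.sh "<sha256 published for the release you fetched>" -P -M

# run_pinned SCRIPT EXPECTED_SHA256 [ARGS...]
#   returns the script's own exit status when the digest matches
#   returns 1 on digest mismatch (nothing is executed)
#   returns 2 on a usage problem (missing file, malformed digest)
run_pinned() {
    [ "$#" -ge 2 ] || { echo "usage: run_pinned SCRIPT SHA256 [ARGS...]" >&2; return 2; }
    rp_script=$1
    # Accept the digest in either case; compare in lower case.
    rp_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    shift 2

    [ -f "$rp_script" ] || { echo "run_pinned: no such file: $rp_script" >&2; return 2; }
    case $rp_expected in
        *[!0-9a-f]*) echo "run_pinned: digest is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#rp_expected}" -eq 64 ] || { echo "run_pinned: digest must be 64 hex characters" >&2; return 2; }

    # Hash via stdin so an odd file name cannot be parsed as an option.
    rp_actual=$(sha256sum < "$rp_script" | awk '{ print $1 }')
    if [ "$rp_actual" != "$rp_expected" ]; then
        echo "run_pinned: SHA-256 mismatch for $rp_script" >&2
        echo "  expected $rp_expected" >&2
        echo "  actual   $rp_actual" >&2
        return 1
    fi
    sh "$rp_script" "$@"
}

# Demo with a constructed stand-in for install_salt.sh (it only echoes its arguments).
demo_run_pinned() {
    d_tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "stand-in installer called with: $*"\n' > "$d_tmp/install_salt.sh"
    d_good=$(sha256sum < "$d_tmp/install_salt.sh" | awk '{ print $1 }')
    d_bad=$(printf '%064d' 0)
    run_pinned "$d_tmp/install_salt.sh" "$d_good" -P -M
    run_pinned "$d_tmp/install_salt.sh" "$d_bad" -P -M || echo "refused (exit $?)"
    rm -rf "$d_tmp"
}
demo_run_pinned
```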
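3. Start the configuration
Background to know before configuring:
A brief introduction to SaltStack
SaltStack is a new approach to infrastructure management: a centralized management platform for server infrastructure that can be up and running within minutes. It is fast (servers communicate within seconds), scales well, and makes it easy to manage tens of thousands of servers in bulk, significantly reducing labor and operations costs. It provides configuration management, remote execution, monitoring and other functions, and can be thought of as a simplified Puppet and an enhanced Func. With a SaltStack environment deployed, you can run commands in bulk on thousands of servers and, according to the characteristics of each service, centrally manage configuration, distribute files, collect server data, and manage operating system basics and software packages. SaltStack is a powerful tool for operations staff to improve efficiency and standardize service configuration and operations. SaltStack is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (PyZMQ, PyCrypto, Jinja2, python-msgpack, PyYAML and others). SaltStack has two communication modes, ZeroMQ and RAET; since RAET is not yet very stable, ZeroMQ is the usual choice.
SaltStack operating modes:
Local: runs locally on a single machine; not recommended.
Master/Minion: management through a server/agent model; very efficient (managing 1000 machines in bulk takes 25 seconds).
Salt SSH: management over SSH; comparatively less efficient (managing 1000 machines in bulk takes 83 seconds).
SaltStack's three main functions:
Remote execution (running commands remotely)
Configuration management (state management)
Cloud management
SaltStack features:
1) Simple, convenient deployment;
2) Supports most UNIX/Linux and Windows environments;
3) Centralized master/minion management;
4) Simple configuration, powerful functionality, highly extensible;
5) The controlling side (master) and the controlled side (minion) use certificate-based authentication, which is secure and reliable;
6) Supports an API and custom modules, and is easily extended with Python.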

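Master and minion authentication:
1) On its first start, the minion automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (this path is set in /etc/salt/minion), and then sends minion.pub to the master.
2) After the master receives the minion's public key, it accepts the key with the salt-key command. The public key is then stored under /etc/salt/pki/master/minions on the master, in a file named after the minion ID, and the master can now send commands to the minion.
Master and minion connection:
1) Once started, the SaltStack master listens on two ports by default, 4505 and 4506. 4505 (publish_port) is SaltStack's message publishing system; 4506 (ret_port) is the port used for communication between SaltStack clients and the server. If you inspect port 4505 with lsof, you will see that every minion keeps a connection to port 4505 in the ESTABLISHED state.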

2) The communication model between minion and master is as follows:

Now start the configuration.
First look at which files were installed on the server side:
[ ~]# ll /etc/salt/
total 132
-rw------- 1 root root 2927 Feb 2 07:15 cloud
drwx------ 2 root root 6 Feb 5 02:46 cloud.conf.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.deploy.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.maps.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.profiles.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb 2 07:15 master
drwxr-xr-x 2 root root 6 Feb 5 02:46 master.d
-rw-r----- 1 root root 37370 Feb 2 07:15 minion
drwxr-xr-x 2 root root 6 Feb 5 02:46 minion.d
-rw-r--r-- 1 root root 9 Mar 8 13:13 minion_id
drwxr-xr-x 4 root root 34 Mar 8 13:13 pki
-rw-r----- 1 root root 28289 Feb 2 07:15 proxy
drwxr-xr-x 2 root root 6 Feb 5 02:46 proxy.d
-rw-r----- 1 root root 344 Feb 2 07:15 roster
[ ~]#
Files installed on the minion side:
[ ~]# ll /etc/salt/
total 132
-rw------- 1 root root 2927 Feb 2 07:15 cloud
drwx------ 2 root root 6 Feb 5 02:46 cloud.conf.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.deploy.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.maps.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.profiles.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb 2 07:15 master
drwxr-xr-x 2 root root 6 Feb 5 02:46 master.d
-rw-r----- 1 root root 37370 Feb 2 07:15 minion
drwxr-xr-x 2 root root 6 Feb 5 02:46 minion.d
-rw-r--r-- 1 root root 9 Mar 8 13:45 minion_id
drwxr-xr-x 4 root root 34 Mar 8 13:45 pki
-rw-r----- 1 root root 28289 Feb 2 07:15 proxy
drwxr-xr-x 2 root root 6 Feb 5 02:46 proxy.d
-rw-r----- 1 root root 344 Feb 2 07:15 roster
[ ~]#
Configure the master:
[ salt]# cp -p master master.bk.20200308
[ salt]# vi master
[ salt]# diff master master.bk.20200308
15c15
< interface: 192.168.0.120
---
> #interface: 0.0.0.0
[ salt]#
Configure the minions; there are 3 minions in total:
[ salt]# cp -p minion minion.bk.20200308
[ salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[ salt]#
[ salt]# cp -p minion minion.bk.20200308
[ salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[ salt]#
[ salt]# cp -p minion minion.bk.20200308
[ salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[ salt]#
Start the master service:
[ salt]# systemctl start salt-master
[ salt]# systemctl status salt-master
● salt-master.service - The Salt Master Server
Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-03-08 13:13:55 CST; 1h 3min ago
Docs: man:salt-master(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltstack.com/en/latest/contents.html
Main PID: 8295 (salt-master)
CGroup: /system.slice/salt-master.service
├─8295 /usr/bin/python /usr/bin/salt-master
├─8302 /usr/bin/python /usr/bin/salt-master
├─8321 /usr/bin/python /usr/bin/salt-master
├─8323 /usr/bin/python /usr/bin/salt-master
├─8326 /usr/bin/python /usr/bin/salt-master
├─8327 /usr/bin/python /usr/bin/salt-master
├─8328 /usr/bin/python /usr/bin/salt-master
├─8329 /usr/bin/python /usr/bin/salt-master
├─8330 /usr/bin/python /usr/bin/salt-master
├─8331 /usr/bin/python /usr/bin/salt-master
├─8332 /usr/bin/python /usr/bin/salt-master
├─8340 /usr/bin/python /usr/bin/salt-master
└─8342 /usr/bin/python /usr/bin/salt-master
Mar 08 13:13:53 centos120 systemd[1]: Starting The Salt Master Server...
Mar 08 13:13:54 centos120 salt-master[8295]: /usr/lib/python2.7/site-packages/salt/scripts.py:109: DeprecationWarni...ater.
Mar 08 13:13:55 centos120 systemd[1]: Started The Salt Master Server.
Hint: Some lines were ellipsized, use -l to show in full.
[ salt]#
[ salt]# netstat -antupl | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 8321/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 8328/python
[ salt]#
[ salt]# ps -ef | grep salt
root 8295 1 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8302 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8321 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8322 1 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 8323 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8326 8295 0 13:13 ? 00:00:12 /usr/bin/python /usr/bin/salt-master
root 8327 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8328 8327 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8329 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8330 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8331 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8332 8295 0 13:13 ? 00:00:08 /usr/bin/python /usr/bin/salt-master
root 8340 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8342 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8365 8322 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 8371 8365 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 14012 7302 0 14:31 pts/0 00:00:00 grep --color=auto salt
[ salt]#
Start the minion service:
[ salt]# systemctl start salt-minion
[ salt]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-03-08 14:00:46 CST; 27min ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltstack.com/en/latest/contents.html
Main PID: 7563 (salt-minion)
CGroup: /system.slice/salt-minion.service
├─7563 /usr/bin/python /usr/bin/salt-minion
├─7567 /usr/bin/python /usr/bin/salt-minion
└─7573 /usr/bin/python /usr/bin/salt-minion
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Hint: Some lines were ellipsized, use -l to show in full.
[ salt]# ll
[ salt]# ps -ef | grep salt
root 7563 1 0 14:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 7567 7563 0 14:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 7573 7567 0 14:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 8968 7030 0 14:29 pts/0 00:00:00 grep --color=auto salt
[ salt]#
Start centos120 and centos121 in the same way.
[ salt]# systemctl restart salt-master
[ salt]# systemctl restart salt-minion
[ salt]# systemctl restart salt-minion
[ salt]# systemctl restart salt-minion
Once salt-minion starts, it automatically sends its public key to salt-master,
so all that is needed is to accept it on salt-master.
Accept all salt-minion public keys:
[ salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos120
centos121
centos122
Proceed? [n/Y] Y
Key for minion centos120 accepted.
Key for minion centos121 accepted.
Key for minion centos122 accepted.
[ salt]#
View the public key received on the salt-minion side:
[ salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1674 Mar 8 14:42 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:42 minion.pub
[ salt]# ll /etc/salt/pki/master/
total 8
-r-------- 1 root root 1678 Mar 8 13:13 master.pem
-rw-r--r-- 1 root root 450 Mar 8 13:13 master.pub
drwxr-xr-x 2 root root 57 Mar 8 14:45 minions
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_autosign
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_denied
drwxr-xr-x 2 root root 6 Mar 8 14:45 minions_pre
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_rejected
[ salt]# cat /etc/salt/pki/minion/minion_master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTwWyV0gi7yFKKBt2tiS
thOEu6v1kn4OKM1TEcdIz7XzNUUS+ve/Jz51dH2X2ykW3lLkJqzM7AXunlWH0E5n
9vAzckMtXgjQ8/JrbRbIjDNiEAFqrJDMwDb5Zl4KUJUHZJW6LaT2WR5S9iCRNR+w
lK9SIpvCcBgfboUNt6u2ttIc4CW5UeIS7w6DGlrXv+9sD6djmjiWrmEjKJt0o9vR
myyJOQ3gXC9o/rv4HCmhJwSpqkDb93d4zs4M7jFssY2jfRKzY9paId/dgtkMcT1J
/J801mZv1DNV0mXZjEk8CqGFziO+8/UOFs/9yu1L3gDOQoysR5eAqOmTQN2pKgxL
FwIDAQAB
-----END PUBLIC KEY-----
[ salt]#
View the generated keys:
[ minion]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar 8 14:41 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:41 minion.pub
[ minion]#
[ minion]#
[ minion]# ll /etc/salt/pki/master/
total 0
[ minion]#
[ salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar 8 14:42 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:42 minion.pub
[ salt]# ll /etc/salt/pki/master/
total 0
[ salt]#
The certificate authentication setup between salt-master and salt-minion is now complete.
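The authentication steps described earlier and the salt-key -A session above accept every pending key without checking whose key it is. The script below is an added example, not from the original post or the Salt project: it compares the fingerprints the master reports for pending keys with fingerprints collected on each minion, and prints accept-by-name commands only for exact matches. The helper names, the inventory file format and all sample data (the host rogue01 and the shortened fingerprints included) are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide which pending minion keys may be accepted, instead of
# accepting everything with "salt-key -A".
#
# Inputs (both plain text files):
#   finger_all  output of "salt-key -F --no-color" captured on the master
#   inventory   "minion_id fingerprint" per line, collected on each minion
#               out of band with "salt-call --local key.finger"
# classify_pending and print_accept_commands are hypothetical helper names.

# classify_pending FINGER_ALL INVENTORY
# Prints one line per key listed under "Unaccepted Keys:":
#   accept <id>            fingerprint equals the inventory entry
#   hold <id> <reason>     unknown host, mismatch, or an ID with unsafe characters
classify_pending() {
    awk '
        FILENAME == ARGV[1] {                     # first file: the inventory
            if ($1 !~ /^#/ && NF >= 2) want[$1] = tolower($2)
            next
        }
        /^[A-Za-z]+ Keys:[ \t]*$/ { section = $1; next }   # section header
        section == "Unaccepted" && NF >= 2 {
            id = $1
            sub(/:$/, "", id)
            fp = tolower($2)
            if (id !~ /^[A-Za-z0-9._-]+$/)  print "hold", id, "unsafe-id"
            else if (!(id in want))         print "hold", id, "not-in-inventory"
            else if (want[id] != fp)        print "hold", id, "fingerprint-mismatch"
            else                            print "accept", id
        }
    ' "$2" "$1"
}

# Emit one accept-by-name command per vetted minion (printed for review, not run).
print_accept_commands() {
    classify_pending "$1" "$2" | awk '$1 == "accept" { print "salt-key -y -a " $2 }'
}

# --- constructed sample data: fingerprints are shortened and not real ---
sample_finger_all() {
    cat <<'EOF'
Local Keys:
master.pem:  10:20:30:40
master.pub:  50:60:70:80
Unaccepted Keys:
centos120:  a1:b2:c3:01
centos121:  a1:b2:c3:02
centos122:  a1:b2:c3:03
rogue01:  de:ad:be:ef
EOF
}

sample_inventory() {
    cat <<'EOF'
# minion_id fingerprint (read on each host with salt-call --local key.finger)
centos120 a1:b2:c3:01
centos121 A1:B2:C3:02
centos122 ff:ff:ff:03
EOF
}

demo_key_gate() {
    k_tmp=$(mktemp -d) || return 1
    sample_finger_all > "$k_tmp/finger_all.txt"
    sample_inventory > "$k_tmp/inventory.txt"
    classify_pending "$k_tmp/finger_all.txt" "$k_tmp/inventory.txt"
    print_accept_commands "$k_tmp/finger_all.txt" "$k_tmp/inventory.txt"
    rm -rf "$k_tmp"
}
demo_key_gate
```

Keys reported as "hold" stay pending; they can be inspected with salt-key -f followed by the minion ID before deciding whether to accept or delete them.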
[ salt]# salt 'centos121' test.ping
centos121:
True
[ salt]# salt '*' test.ping
centos121:
True
centos122:
True
centos120:
True
[ salt]#
[ salt]# salt 'centos121' cmd.run 'df -h'
centos121:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 17G 1.5G 16G 9% /
devtmpfs 475M 0 475M 0% /dev
tmpfs 487M 40K 487M 1% /dev/shm
tmpfs 487M 7.7M 479M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sdb2 105M 8.0M 97M 8% /gluster/brick2
/dev/sda1 1014M 146M 869M 15% /boot
/dev/sdb1 92M 7.2M 85M 8% /gluster/brick1
tmpfs 98M 0 98M 0% /run/user/0
[ salt]# salt 'centos121' cmd.run 'w'
centos121:
14:52:54 up 1:45, 1 user, load average: 0.08, 0.03, 0.05
USER TTY FROM IDLE JCPU PCPU WHAT
root pts/0 192.168.0.101 13:08 3:10 0.10s 0.10s -bash
[ salt]#
Target several servers remotely:
[ salt]# salt -L 'centos120, centos121' cmd.run 'hostname'
centos121:
centos121
centos120:
centos120
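[ salt]#
Introduction to SaltStack grains:
Grains are a very important SaltStack component, used mainly to record static information about a minion, such as CPU, memory, disk and network. Grain data is reported to the master automatically each time the client starts; once this static information changes, you need to restart the minion or resynchronize the grains.
Grains are pieces of information collected when the minion starts, such as the operating system type, NIC IP addresses, memory, CPU information and so on.
[ salt]# salt -L 'centos121' grains.ls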
centos121:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- cwd
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- fqdns
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_feature_flags
- zfs_support
- zmqversion
[ salt]#
View the items:
[ salt]# salt -L 'centos121' grains.items
centos121:
----------
SSDs:
biosreleasedate:
07/02/2015
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- vmx
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- epb
- tpr_shadow
- vnmi
- ept
- vpid
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- rdseed
- adx
- smap
- xsaveopt
- dtherm
- ida
- arat
- pln
- pts
- hwp
- hwp_notify
- hwp_act_window
- hwp_epp
cpu_model:
Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
cpuarch:
x86_64
cwd:
/
disks:
- sda
- sdb
- sr0
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
- 192.168.0.1
- 192.168.1.1
ip6_nameservers:
nameservers:
- 192.168.0.1
- 192.168.1.1
options:
search:
- DHCP
- HOST
sortlist:
domain:
fqdn:
centos121
fqdn_ip4:
- 192.168.0.121
fqdn_ip6:
- fe80::4eff:a5b2:4d5b:ae08
- fe80::2f47:1e27:f7e1:ea88
fqdns:
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
vmware
groupname:
root
host:
centos121
hwaddr_interfaces:
----------
ens33:
00:0c:29:51:46:50
ens37:
00:0c:29:51:46:5a
lo:
00:00:00:00:00:00
id:
centos121
init:
systemd
ip4_gw:
192.168.0.1
ip4_interfaces:
----------
ens33:
- 192.168.0.121
ens37:
- 192.168.0.102
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens33:
- fe80::2f47:1e27:f7e1:ea88
ens37:
- fe80::4eff:a5b2:4d5b:ae08
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens33:
- 192.168.0.121
- fe80::2f47:1e27:f7e1:ea88
ens37:
- 192.168.0.102
- fe80::4eff:a5b2:4d5b:ae08
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.0.102
- 192.168.0.121
ipv6:
- ::1
- fe80::2f47:1e27:f7e1:ea88
- fe80::4eff:a5b2:4d5b:ae08
kernel:
Linux
kernelrelease:
3.10.0-957.el7.x86_64
kernelversion:
#1 SMP Thu Nov 8 23:39:32 UTC 2018
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
timezone:
unknown
localhost:
centos121
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
25f97b4fbbea4c2a8e8940747c895695
manufacturer:
VMware, Inc.
master:
192.168.0.120
mdadm:
mem_total:
972
nodename:
centos121
num_cpus:
8
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.6.1810
osrelease_info:
- 7
- 6
- 1810
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
9033
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
3000
saltversioninfo:
- 3000
- None
- None
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d f8 fe ac f0 e1 1a-34 0a 67 d6 1b 51 46 50
server_id:
1110840923
shell:
/bin/sh
swap_total:
2047
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
fef84d56-f0ac-1ae1-340a-67d61b514650
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
[ salt]#
[ minion]# vi /etc/salt/grains
[ minion]# cat /etc/salt/grains
role: web1_server
env: test
myname: web1
myhostname: web1.com
[ minion]#
Then restart the minion.
7.1 View the custom values just defined
8.
[ salt]# salt -L 'centos121' grains.items | egrep -A 1 'role|env|myname|myhostname'
env:
test
--
myhostname:
web1.com
myname:
web1
--
role:
web1_server
[ salt]#
7.2 View a single item:
[ salt]# salt -L 'centos121' grains.item env
centos121:
----------
env:
test
[ salt]#
7.3 We can use grain attributes to select the minions on which a command runs:
[ salt]# salt -G env:test cmd.run 'w'
centos121:
15:06:41 up 1:59, 1 user, load average: 0.08, 0.03, 0.05
USER TTY FROM IDLE JCPU PCPU WHAT
root pts/0 192.168.0.101 13:08 5:45 0.14s 0.14s -bash
[ salt]#
Custom pillar configuration:
8.1 Configure pillar on the master, centos120:
Find the pillar_roots entry and uncomment the following three lines
[ salt]# cp -p master master.bk.20200308-2
[ salt]# vi master
[ salt]# diff master master.bk.20200308-2
837,839c837,839
< pillar_roots:
<   base:
<     - /srv/pillar
---
> #pillar_roots:
> #  base:
> #    - /srv/pillar
Create the directory that holds the pillar files:
[ salt]# mkdir -p /srv/pillar
[ salt]# cd !$
cd /srv/pillar
[ pillar]#
Create the configuration file and edit it as follows:
[ pillar]# vi httpd.sls
[ pillar]# cat httpd.sls
conf: /etc/httpd/conf/httpd.conf
servername: web1.com
Note the space after the colon.
Create the entry-point configuration file, top.sls
[ pillar]# pwd
/srv/pillar
[ pillar]# vi top.sls
[ pillar]# cat top.sls
base:
  'centos121':
    - httpd
[ pillar]#
Note the space after the "-".
Restart the salt-master service
[ pillar]# systemctl restart salt-master
[ pillar]#
You can refresh to pick up the new state
[ pillar]# salt '*' saltutil.refresh_pillar
centos121:
True
centos122:
True
centos120:
True
[ pillar]#
View:
[ pillar]# salt '*' pillar.items
centos120:
----------
centos121:
----------
conf:
/etc/httpd/conf/httpd.conf
servername:
web1.com
centos122:
----------
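[ pillar]#
9. SaltStack configuration management of services
1. Configure the Apache installation
Uncomment the following three lines; mind the spaces
[ salt]# cp -p master master.bk.20200308-3
[ salt]# vi master
[ salt]# diff master master.bk.20200308-3
657,659c657,659
< file_roots:
<   base:
<     - /srv/salt/
---
> # file_roots:
> #   base:
> #     - /srv/salt/
[ salt]#
Create the directory that stores the configuration files and create the entry-point file
[ ~]# mkdir /srv/salt
[ ~]# cd !$
cd /srv/salt
[ salt]# vi top.sls
[ salt]# cat top.sls
base:
  'centos121':
    - apache
[ salt]#
Restart the service:
[ salt]# !syste
systemctl restart salt-master
[ salt]#
Create the configuration file for the apache module
[ salt]# vi apache.sls
[ salt]# cat apache.sls
apache-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
[ salt]#
Note: keep the lines aligned, and put a space after each "-".
apache-service is the ID name, which you choose yourself. pkg.installed is the package installation function, followed by the names of the packages to install. service.running is also a function; it ensures that the named service is running, and enable means the service starts at boot.
With the files in place, run:
[ salt]# salt 'centos121' state.highstate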
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 18:43:58.483864
Duration: 18618.516 ms
Changes:
----------
apr:
----------
new:
1.4.8-5.el7
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-90.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-90.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 18:44:17.118830
Duration: 7455.336 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-90.el7.centos
old:
libdb:
----------
new:
5.3.21-25.el7
old:
5.3.21-24.el7
libdb-devel:
----------
new:
5.3.21-25.el7
old:
libdb-utils:
----------
new:
5.3.21-25.el7
old:
5.3.21-24.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-20.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 18:44:24.583323
Duration: 211.858 ms
Changes:
----------
httpd:
True
Summary for centos121
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 26.286 s
[ salt]#
The result above shows that the run succeeded.
Check on the targeted minion that httpd really was installed, started and enabled
[ salt]# netstat -antupl | grep 80
tcp6 0 0 :::80 :::* LISTEN 10233/httpd
udp6 0 0 fe80::2f47:1e27:f7e:123 :::* 6525/ntpd
[ salt]#
[ salt]# systemctl is-enabled httpd
enabled
[ salt]#
10. Configure remote file management
Create a file-management module
[ salt]# pwd
/etc/salt
[ salt]# vi filecopy.sls
[ salt]# cat filecopy.sls
filecopy:
  file.managed:
    - name: /tmp/test.file
    - source: salt://test/index.php
    - user: root
    - group: root
    - mode: 644
[ salt]#
Note: filecopy on the first line is a user-chosen name for this configuration block and can be referenced from other blocks; source specifies where the file is copied from, and the test directory here corresponds to /srv/salt/test; name specifies the file to be created on the remote client.
Create the source file used for the test
[ srv]# mkdir -p /srv/salt/test
[ srv]# echo "test salt file managed" > /srv/salt/test/index.php
Add the module to the entry-point file
[ salt]# vi top.sls
[ salt]# cat top.sls
base:
  'centos121':
    - apache
    - filecopy
[ salt]#
Run the test
[ salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:38:32.908055
Duration: 760.4 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:38:33.668754
Duration: 16.474 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:38:33.686516
Duration: 46.938 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file updated
Started: 22:38:33.753042
Duration: 32.348 ms
Changes:
----------
diff:
New file
mode:
0644
Summary for centos121
------------
Succeeded: 4 (changed=1)
Failed: 0
------------
Total states run: 4
Total run time: 856.160 ms
[ salt]#
Check the result
[ ~]# ll /tmp/test.file
-rw-r--r-- 1 root root 23 Mar 8 22:38 /tmp/test.file
[ ~]# cat !$
cat /tmp/test.file
test salt file managed
[ ~]#
12. Configure directory management:
Create a directory-management module
[ salt]# cat filedir.sls
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test
    - user: root
    - group: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True
Add the module to the entry-point file
[ salt]# vi top.sls
[ salt]# cat top.sls
base:
  'centos121':
    - apache
    - filecopy
    - filedir
[ salt]#
Test the directory management
[ salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:47:17.475869
Duration: 636.77 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:47:18.112930
Duration: 16.986 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:47:18.130854
Duration: 45.213 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file is in the correct state
Started: 22:47:18.179219
Duration: 21.548 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 22:47:18.200950
Duration: 86.558 ms
Changes:
----------
/tmp/testdir/index.php:
----------
diff:
New file
mode:
0644
Summary for centos121
------------
Succeeded: 5 (changed=1)
Failed: 0
------------
Total states run: 5
Total run time: 807.075 ms
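[ salt]#
Check on the client that the /tmp/testdir directory exists
[ ~]# ls -ltr /tmp/testdir
total 4
-rw-r--r-- 1 root root 23 Mar 8 22:47 index.php
[ ~]#
Create the configuration file for running commands:
[ salt]# vi cmd.sls
[ salt]# cat cmd.sls
cmd_test:
  cmd.run:
    - unless: test -f /tmp/gnu.index
    - names:
      - touch /tmp/cmdfile.index
      - mkdir /tmp/cmd
    - user: root
[ salt]#
Note: unless means that the commands listed under names are run only if /tmp/gnu.index does not exist, that is, only when the check "test -f /tmp/gnu.index" fails; if the file exists they are not run. onlyif can be used instead and is the exact opposite: the commands are run only if /tmp/gnu.index exists.
Add the module to the entry-point file
[ salt]# vi top.sls
[ salt]# cat top.sls
base:
  'centos121':
    - apache
    - filecopy
    - filedir
    - cmd
[ salt]#
Test the command execution
[ salt]# salt 'centos121' state.highstate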
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:53:35.762137
Duration: 635.316 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:53:36.397764
Duration: 16.511 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:53:36.415052
Duration: 44.985 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file is in the correct state
Started: 22:53:36.463189
Duration: 21.523 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: The directory /tmp/testdir is in the correct state
Started: 22:53:36.484894
Duration: 29.106 ms
Changes:
----------
ID: cmd_test
Function: cmd.run
Name: touch /tmp/cmdfile.index
Result: True
Comment: Command "touch /tmp/cmdfile.index" run
Started: 22:53:36.522364
Duration: 31.084 ms
Changes:
----------
pid:
11407
retcode:
0
stderr:
stdout:
----------
ID: cmd_test
Function: cmd.run
Name: mkdir /tmp/cmd
Result: True
Comment: Command "mkdir /tmp/cmd" run
Started: 22:53:36.553711
Duration: 20.647 ms
Changes:
----------
pid:
11409
retcode:
0
stderr:
stdout:
Summary for centos121
------------
Succeeded: 7 (changed=2)
Failed: 0
------------
Total states run: 7
Total run time: 799.172 ms
[ salt]#
Check the result on the client
[ ~]# ls -ltr /tmp/ | tail -2
-rw-r--r-- 1 root root 0 Mar 8 22:53 cmdfile.index
drwxr-xr-x 2 root root 6 Mar 8 22:53 cmd
[ ~]#
14. Run a shell script remotely with SaltStack
Create the configuration file for running the shell script
[ salt]# vi shell.sls
[ salt]# cat shell.sls
shell_test:
  cmd.script:
    - source: salt://test/gnu.sh
    - user: root
[ salt]#
Create the shell script
[ salt]# vi test/gnu.sh
[ salt]# cat test/gnu.sh
#!/bin/bash
systemctl stop httpd >> /tmp/log
Add the run configuration to the entry-point file
[ salt]# cat top.sls
base:
  'centos121':
    - shell
[ salt]#
Run the test
[ salt]# salt 'centos121' state.highstate
centos121:
----------
ID: shell_test
Function: cmd.script
Result: True
Comment: Command 'shell_test' run
Started: 23:03:13.523069
Duration: 1064.226 ms
Changes:
----------
pid:
11703
retcode:
0
stderr:
stdout:
Summary for centos121
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 1.064 s
[ salt]#
Check the result
[ ~]# cat /tmp/log
[ ~]#