SaltStack简介
1.运行方式3种
a.Local 本地
b.Master/Minion 主节点/奴隶(最传统的)
c.Salt SSH
2.三大功能
a.远程执行
b.配置管理
c.云管理
1.系统环境准备
1.CentOS 7.1系统1台,2G内存,50G硬盘
zon161 192.168.1.161 网卡(桥接) eth0 主节点(Master)从节点(Minion )
2.系统版本,内核,防火墙,IP地址(实验环境,SELinux和firewalld均为关闭状态;生产环境应保持开启,并只对minion所在网段放行master的4505/4506端口)
#zon161 主节点(Master)从节点(Minion )
[root@zon161 ~]# cat /etc/redhat-release && uname -r
CentOS Linux release 7.1.1503 (Core)
3.10.0-229.el7.x86_64
[root@zon161 ~]# getenforce && systemctl status firewalld;hostname -I
Disabled
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
192.168.1.161
#更换阿里Yum源(注意:这里用明文http下载repo文件,传输途中可能被篡改;建议把URL换成https://,并确认repo文件中gpgcheck=1。下面的epel源同理)
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup && wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#更换阿里epel源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all && yum makecache
#hosts
vim /etc/hosts
192.168.1.161 zon161
2.SaltStack安装
#192.168.1.161#主节点(Master)
#注意:此处yum装到的是2015.5.10(见下文grains输出中的saltversion),该版本早已停止维护;生产环境应安装仍在维护的版本,且master端口不要暴露给不可信网络
yum install salt-master -y
#启动master
systemctl start salt-master
#从节点(Minion )
yum install salt-minion -y
#修改minion配置文件,注意冒号与后面ip有一个空格
#注意:GNU sed会把-ir解析为-i加备份后缀r(即生成备份文件/etc/salt/minionr),而不是-i -r;此处没有用到扩展正则,写sed -i即可
sed -ir "17 imaster: 192.168.1.161" /etc/salt/minion
#检查
sed -n '15,18p' /etc/salt/minion
#启动minion
systemctl start salt-minion
#主节点(Master)列出minion信息
[root@zon161 ~]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
zon161
Rejected Keys:
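#同意minion所有的请求(以下三条命令任选其一)
#注意:-A会不加区分地接受所有待认证的key。接受前应先核对指纹:master上执行 salt-key -f zon161,minion上执行 salt-call --local key.finger,两者一致再接受
#zon*建议加引号写成 'zon*',避免被shell当作文件名通配符展开;管道输入Y会跳过人工确认,仅适合实验环境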
salt-key -A
salt-key -a zon*
echo -e "Y\n"|salt-key -A
#检查
[root@zon161 ~]# salt-key
Accepted Keys:
zon161
Denied Keys:
Unaccepted Keys:
Rejected Keys:
3.SaltStack命令
用法:
salt '*' 模块.方法
例如:
[root@zon161 ~]# salt '*' test.ping
zon161:
True
[root@zon161 ~]# salt 'zon161' cmd.run 'w'
zon161:
19:23:27 up 3:48, 1 user, load average: 0.22, 0.10, 0.06
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 192.168.1.145 17:57 7.00s 1.10s 1.01s /usr/bin/python /usr/bin/salt zon161 cmd.run w
4.SaltStack安装apache
#主节点(Master)
#指定base环境,注意空格缩进
vim /etc/salt/master
file_roots:
  base:
    - /srv/salt
#创建目录
mkdir /srv/salt -p
#重启salt-master
systemctl restart salt-master
#编辑sls文件
vim /srv/salt/apache.sls
apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
#测试
[root@zon161 ~]# rpm -qa httpd
[root@zon161 ~]# salt '*' state.sls apache
zon161:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 19:48:48.924094
Duration: 73861.701 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-80.el7.centos.1
old:
httpd-tools:
----------
new:
2.4.6-80.el7.centos.1
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 19:50:02.792975
Duration: 70537.745 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
centos-release:
----------
new:
7-5.1804.5.el7.centos
old:
7-1.1503.el7.centos.2.8
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-17.el7
cyrus-sasl-plain:
----------
new:
2.1.26-23.el7
old:
2.1.26-17.el7
dracut:
----------
new:
033-535.el7_5.1
old:
033-240.el7
dracut-config-rescue:
----------
new:
033-535.el7_5.1
old:
033-240.el7
dracut-network:
----------
new:
033-535.el7_5.1
old:
033-240.el7
expat:
----------
new:
2.1.0-10.el7_3
old:
2.1.0-8.el7
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
glib2:
----------
new:
2.54.2-2.el7
old:
2.40.0-4.el7
httpd-devel:
----------
new:
2.4.6-80.el7.centos.1
old:
initscripts:
----------
new:
9.49.41-1.el7_5.2
old:
9.49.24-1.el7
kmod:
----------
new:
20-21.el7
old:
14-10.el7
libdb:
----------
new:
5.3.21-24.el7
old:
5.3.21-17.el7_0.1
libdb-devel:
----------
new:
5.3.21-24.el7
old:
libdb-utils:
----------
new:
5.3.21-24.el7
old:
5.3.21-17.el7_0.1
libgudev1:
----------
new:
219-57.el7_5.3
old:
208-20.el7
lz4:
----------
new:
1.7.5-2.el7
old:
openldap:
----------
new:
2.4.44-15.el7_5
old:
2.4.39-6.el7
openldap-devel:
----------
new:
2.4.44-15.el7_5
old:
systemd:
----------
new:
219-57.el7_5.3
old:
208-20.el7
systemd-libs:
----------
new:
219-57.el7_5.3
old:
208-20.el7
systemd-python:
----------
new:
219-57.el7_5.3
old:
208-20.el7
systemd-sysv:
----------
new:
219-57.el7_5.3
old:
208-20.el7
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 19:51:13.390862
Duration: 2186.135 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
vim /srv/salt/top.sls
base:
  '*':
    - apache
[root@zon161 ~]# salt '*' state.highstate
zon161:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 19:52:49.670588
Duration: 1440.131 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: Package httpd-devel is already installed.
Started: 19:52:51.110963
Duration: 0.842 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 19:52:51.112738
Duration: 593.623 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
[root@zon161 ~]# rpm -qa httpd
httpd-2.4.6-80.el7.centos.1.x86_64
5.SaltStack数据系统
5.1Grains#salt-minion端设置#静态数据#
#在minion端上,静态数据,重启salt-minion才会重新收集信息
#自身数据可以用来做资产管理,匹配minion
#################################################
#查看grains搜集的所有的名称
[root@zon161 ~]# salt 'zon161' grains.ls
zon161:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- systemd
- virtual
- zmqversion
#查看grains搜集的所有的名称以及值
[root@zon161 ~]# salt 'zon161*' grains.items
zon161:
----------
SSDs:
biosreleasedate:
06/02/2011
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- syscall
- nx
- mmxext
- fxsr_opt
- rdtscp
- lm
- constant_tsc
- rep_good
- nopl
- tsc_reliable
- nonstop_tsc
- aperfmperf
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- sse4_1
- sse4_2
- popcnt
- aes
- xsave
- avx
- hypervisor
- lahf_lm
- extapic
- abm
- sse4a
- misalignsse
- 3dnowprefetch
- osvw
- xop
- fma4
- arat
cpu_model:
AMD Athlon(tm) X4 740 Quad Core Processor
cpuarch:
x86_64
domain:
fqdn:
zon161
fqdn_ip4:
- 192.168.1.161
fqdn_ip6:
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
host:
zon161
hwaddr_interfaces:
----------
eth0:
00:50:56:3b:b2:e8
lo:
00:00:00:00:00:00
id:
zon161
init:
systemd
ip4_interfaces:
----------
eth0:
- 192.168.1.161
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
- fe80::250:56ff:fe3b:b2e8
lo:
- ::1
ip_interfaces:
----------
eth0:
- 192.168.1.161
- fe80::250:56ff:fe3b:b2e8
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.1.161
ipv6:
- ::1
- fe80::250:56ff:fe3b:b2e8
kernel:
Linux
kernelrelease:
3.10.0-229.el7.x86_64
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
localhost:
zon161
lsb_distrib_id:
CentOS Linux
machine_id:
e4bf6a0aa85f4c7eb4b5e8250db1ce21
manufacturer:
VMware, Inc.
master:
192.168.1.161
mdadm:
mem_total:
1837
nodename:
zon161
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
Core
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.5.1804
osrelease_info:
- 7
- 5
- 1804
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
productname:
VMware Virtual Platform
ps:
ps -efH
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib64/python2.7/site-packages/gtk-2.0
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2015.5.10
saltversioninfo:
- 2015
- 5
- 10
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d 1e 13 4e 8d f9 01-af 4d 74 db 2c 2b 9b aa
server_id:
82896203
shell:
/bin/sh
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
virtual:
VMware
zmqversion:
3.2.5
#查看grains搜集的fqdn信息
[root@zon161 ~]# salt 'zon161*' grains.item fqdn
zon161:
----------
fqdn:
zon161
#获取grains搜集的fqdn名值
[root@zon161 ~]# salt 'zon161*' grains.get fqdn
zon161:
zon161
#获取grains搜集的网卡eth0的IP地址(IPv4和IPv6)
[root@zon161 ~]# salt 'zon161' grains.get ip_interfaces:eth0
zon161:
- 192.168.1.161
- fe80::250:56ff:fe3b:b2e8
#利用grains来指定所有CentOS机器上执行特定命令示例:
[root@zon161 ~]# salt 'zon161' grains.get os
zon161:
CentOS
#指定OS值为CentOS的机器执行w命令
[root@zon161 ~]# salt -G os:CentOS cmd.run 'w'
zon161:
20:07:01 up 4:32, 1 user, load average: 0.02, 0.08, 0.17
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 192.168.1.145 17:57 5.00s 1.17s 1.01s /usr/bin/python /usr/bin/salt -G os:CentOS cmd.run w
#配置minion文件,实现grains功能
vim /etc/salt/minion
grains:
  roles:
    - webserver
    - memcache
[root@zon161 ~]# systemctl restart salt-minion
#刷新grains的值
[root@zon161 ~]# salt '*' saltutil.sync_grains
zon161:
#让grains中roles项的值为memcache的机器打印hello
[root@zon161 ~]# salt -G 'roles:memcache' cmd.run 'echo hello'
zon161:
hello
#让grains中roles项的值为webserver的机器打印ok
[root@zon161 ~]# salt -G 'roles:webserver' cmd.run 'echo ok'
zon161:
ok
#在/etc/salt/grains文件内写roles,实现grains功能 Ps:/etc/salt/minion中不能同时定义roles,否则/etc/salt/grains里的roles不生效(见下面的演示)
如:
[root@zon161 ~]# echo 'roles: nginx'>> /etc/salt/grains
[root@zon161 ~]# cat /etc/salt/grains
roles: nginx
[root@zon161 ~]# systemctl restart salt-minion
[root@zon161 ~]# salt -G roles:nginx cmd.run 'w'
No minions matched the target. No command was sent, no jid was assigned.
ERROR: No return received
#删除/etc/salt/minion定义的roles
[root@zon161 ~]# vim /etc/salt/minion
grains:
  roles:
    - webserver
    - memcache
[root@zon161 ~]# systemctl restart salt-minion
[root@zon161 ~]# salt -G roles:nginx cmd.run 'w'
zon161:
20:26:31 up 4:52, 1 user, load average: 0.03, 0.05, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 192.168.1.145 17:57 7.00s 1.26s 1.06s /usr/bin/python /usr/bin/salt -G roles:nginx cmd.run w
#用/srv/salt/top.sls文件,实现grains功能
[root@zon161 ~]# vim /srv/salt/top.sls
base:
  'roles:nginx':
    - match: grain
    - apache
[root@zon161 ~]# salt '*' state.highstate
zon161:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 20:29:43.043569
Duration: 2342.678 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: Package httpd-devel is already installed.
Started: 20:29:45.386704
Duration: 1.655 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 20:29:45.389913
Duration: 886.015 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
5.2Pillar#salt-master端设置#动态数据##
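处理敏感数据,如设置密码(pillar只下发给top.sls中匹配到的minion)
还有差异化设置
注意:grains由minion自己上报,minion可以随意修改;含密码等敏感数据的pillar不要用grains来匹配目标,应按minion ID匹配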
[root@zon161 ~]# vim /etc/salt/master
pillar_roots:
  base:
    - /srv/pillar
[root@zon161 ~]# mkdir /srv/pillar -p
[root@zon161 ~]# systemctl restart salt-master
[root@zon161 ~]# vim /srv/pillar/apache.sls
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}
[root@zon161 ~]# vim /srv/pillar/top.sls
base:
  '*':
    - apache
[root@zon161 ~]# salt '*' saltutil.refresh_pillar
zon161:
True
[root@zon161 ~]# salt -I 'apache:httpd' test.ping
zon161:
True