参考文献:
http://docs.saltstack.cn/contents.html
http://docs.saltstack.cn/ref/returners/all/salt.returners.mysql.html
结合之前的四篇博客:
https://blog.csdn.net/JaneNancy/article/details/81775682
https://blog.csdn.net/JaneNancy/article/details/81778084
https://blog.csdn.net/JaneNancy/article/details/81782186
https://blog.csdn.net/JaneNancy/article/details/81807886
1、利用saltstack结合mysql数据库测试返回值
[root@server1 ~]# yum install -y mysql-server
[root@server1 ~]# /etc/init.d/mysqld start
[root@server1 ~]# salt server2 state.sls httpd.install
在server1配置mysql进行授权
[root@server1 ~]# mysql
mysql> grant all on salt.* to salt@'172.25.50.*' identified by 'westos'; 授权用户密码给172.25.38网段
Query OK, 0 rows affected (0.00 sec)
[root@server1 ~]# vim test.sql
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- CREATE INDEX jid ON jids(jid) USING BTREE;
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
将数据库导入test.sql
[root@server2 ~]# yum install -y MySQL-python.x86_64
[root@server2 ~]# vim /etc/salt/minion
mysql.host: '172.25.50.1' master端IP
mysql.user: 'salt' 用户
mysql.pass: 'westos' 密码
mysql.db: 'salt'
mysql.port: 3306 端口
[root@server2 ~]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server2 daemon: OK
Starting salt-minion:root:server2 daemon: OK
2、去 server1 查看:测试返回值
[root@server1 tmp]# salt 'server2' test.ping --return mysql 测试返回值
server2:
True
[root@server1 tmp]# mysql 登陆数据库
mysql> use salt 使用salt数据库
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from salt_returns; 查看返回值
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| fun | jid | return | id | success | full_ret | alter_time |
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| test.ping | 20180818152931308839 | true | server2 | 1 | {"fun_args": [], "jid": "20180818152931308839", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "server2"} | 2018-08-18 15:29:31 |
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
1 row in set (0.00 sec)
3、添加TOP master
利用python脚本调用显示所有主机磁盘信息
[root@server4 ~]# chkconfig salt-minion off
[root@server4 ~]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server4 daemon: OK
[root@server4 ~]# /etc/init.d/haproxy stop
Stopping haproxy: [ OK ]
[root@server4 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@server4 ~]# ps ax
[root@server4 ~]# yum install -y salt-master
[root@server4 ~]# cd /etc/salt/
[root@server4 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
[root@server4 salt]# vim master
857 order_masters: True
[root@server4 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
搭建top master用来管理各个master,实现了master端的横向扩展,减轻了master端的负载压力
[root@server1 ~]# yum install -y salt-syndic
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
[root@server1 salt]# vim master
861 syndic_master: 172.25.50.4
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 salt]# /etc/init.d/salt-syndic start
Starting salt-syndic daemon: [ OK ]
去 TOP master 给 master 钥匙,使 连接
[root@server4 salt]# salt-key -L
[root@server4 salt]# salt-key -A
4、测试salt-ssh模块
[root@server1 salt]# yum install -y salt-ssh
[root@server1 salt]# vim /etc/salt/roster
10 server3
11 host: 172.25.50.3
12 user: root
13 passwd: westos
~
[root@server1 salt]# salt-ssh 'server3' test.ping
[root@server1 salt]# salt-ssh 'server3' test.ping -i
我们就登陆上了server3主机,执行一下我们之前自己写的模块。
[root@server1 salt]# salt-ssh 'server3' my_disk.df 直接调用ssh服务可以查看server3的磁盘信息
可以实现远程操作。
5、salt工具之api
在server1安装api模块
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# ls
cloud cloud.deploy.d cloud.profiles.d master minion minion_id proxy roster
cloud.conf.d cloud.maps.d cloud.providers.d master.d minion.d pki proxy.d
[root@server1 salt]# cd master.d/
[root@server1 master.d]# vim api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key
[root@server1 master.d]# vim auth.conf
external_auth:
pam:
saltapi:
- '.*'
- '@wheel'
- '@runner'
- '@jobs'
编写脚本测试打印 print sapi.list_all_key()信息
[root@server1 ~]# vim saltapi.py
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://localhost:8000',username='saltapi',password='westos')
sapi.token_id()
print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
sapi.deploy('server3','nginx.service')
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
将server3的nginx服务关闭
[root@server3 ~]# /etc/init.d/nginx stop
Stopping nginx: [ OK ]
[root@server3 ~]# /etc/init.d/nginx status
nginx is stopped
[root@server1 ~]# python saltapi.py
([u'server1', u'server2', u'server3'], [])
去server3查看,nginx 就会自动开启