Saltstack 快速入门教程
1.介绍
Saltstack 比 Puppet 出来晚几年,是基于Python 开发的,也是基于 C/S 架构,服务端 master 和客户端 minions ;Saltstack 和 Puppet 很像,可以说 Saltstatck 整合了 Puppet 和 Chef 的功能,更加强大,更适合大规模批量管理服务器,并且它比 Puppet 更容易配置。 三大功能: 远程命令执行,配置管理(服务,文件,cron,用户,组),云管理。
2.准备工作
准备两台机器,这两台机器都关闭 selinux,清空 iptables 规则并保存。 master:192.168.1.160 slaver:192.168.1.161
更新软件源
[root@nb0 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@nb0 ~]# yum makecache fast
Loaded plugins: fastestmirror
HuaDongBD | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
os | 3.6 kB 00:00:00
updates | 3.4 kB 00:00:00
updates/7/x86_64/primary_db | 7.8 MB 00:00:07
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Metadata Cache Created
[root@nb0 ~]#3. 安装
在SaltsStack架构中服务端叫作Master,客户端叫作Minion,都是以守护进程的模式运行,一直监听配置文件中定义的ret_port(saltstack客户端与服务端通信的端口,负责接收客户端发送过来的结果,默认4506端口)和publish_port(saltstack的消息发布系统,默认4505端口)的端口。当Minion运行时会自动连接到配置文件中定义的Master地址ret_port端口进行连接认证。
- Master:控制中心,salt命令运行和资源状态管理
- Minion : 需要管理的客户端机器,会主动去连接Mater端,并从Master端得到资源状态信息,同步资源管理信息
- States:配置管理的指令集
- Modules:在命令行中和配置文件中使用的指令模块,可以在命令行中运行
- Grains:minion端的变量,静态的
- Pillar:minion端的变量,动态的比较私密的变量,可以通过配置文件实现同步minions定义
- highstate:为minion端下发永久添加状态,从sls配置文件读取.即同步状态配置
- salt_schedule:会自动保持客户端配置
3.1 服务端安装
yum install -y epel-release
yum install -y salt-master salt-minion
[root@nb0 ~]# yum install -y epel-release
[root@nb0 ~]# yum install -y salt-master salt-minion3.2 客户端安装
[root@nb1 ~]# yum install -y epel-release
[root@nb1 ~]# yum install -y salt-minion4.配置
4.1 Salt minion配置
用vi/vim打开/etc/salt/minion,找到配置选项master所在行,一般在第16行。修改内容,去掉#,冒号后有一个空格,将salt更改为master。
示例操作如下:
[root@nb0 ~]# vi /etc/salt/minion
[root@nb1 ~]# vi /etc/salt/minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: master如果找不到master对应的行,可以直接在文件尾部添加一行master: master或master: 192.168.1.160
也可以使用sed命令直接修改配置文件
[root@nb2 ~]# sed -i 's/#master: salt/master: 192.168.1.160/g' /etc/salt/minion5.启动服务
(1)服务端
[root@nb0 ~]# salt-master start在后端运行
[root@nb0 ~]# salt-master start &
[3] 35438
[root@nb0 ~]#(2)客户端
[root@nb0 ~]# salt-minion start &
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate[root@nb1 ~]# salt-minion start &
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate[root@nb2 ~]# salt-minion start
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticateminion在第一次启动时,会在/etc/salt/pki/minion/(该路径在/etc/salt/minion里面设置)下自动生成minion.pem(private key)和 minion.pub(public key),然后将 minion.pub发送给master。master在接收到minion的public key后,通过salt-key命令accept minion public key,这样在master的/etc/salt/pki/master/minions下的将会存放以minion id命名的 public key,然后master就能对minion发送指令了。
6.配置认证
(1)在服务端上操作 新打开一个nb0终端
[root@nb0 ~]# salt-key -a nb0
The following keys are going to be accepted:
Unaccepted Keys:
nb0
Proceed? [n/Y] y
Key for minion nb0 accepted.
[root@nb0 ~]#[root@nb0 ~]# salt-key -a nb1
The following keys are going to be accepted:
Unaccepted Keys:
nb1
Proceed? [n/Y]y
Key for minion nb1 accepted.
[root@nb0 ~]#[root@nb0 ~]# salt-key -a nb2
The following keys are going to be accepted:
Unaccepted Keys:
nb2
Proceed? [n/Y] y
Key for minion nb2 accepted.
You have mail in /var/spool/mail/root
[root@nb0 ~]#[root@nb0 ~]# salt-key
Accepted Keys:
nb0
nb1
nb2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@nb0 ~]# 注意: 在==大规模部署Minion==的时候可以设置自动接受指定等待认证的 key
在修改/etc/salt/master前,先备份一下
[root@nb0 ~]# cp /etc/salt/master /etc/salt/master.bak通过vi打开/etc/salt/master
[root@nb0 ~]# vi /etc/salt/master找到#auto_accept: False一行,修改False为True
# Enable auto_accept, this setting will automatically accept all incoming
# public keys from the minions. Note that this is insecure.
#auto_accept: False或者通过sed命令修改
[root@nb0 ~]# sed -i 's/#auto_accept: False/auto_accept: True/g' /etc/salt/masterctrl+c停止salt-master,然后再启动
[root@nb0 ~]# salt-master start
^C[WARNING ] Stopping the Salt Master
[WARNING ] Stopping the Salt Master
Exiting on Ctrl-c
[WARNING ] Stopping the Salt Master
Exiting on Ctrl-c
Exiting on Ctrl-c
[root@nb0 ~]# salt-master start(2)测试验证
[root@nb0 ~]# salt '*' test.ping
nb2:
True
nb1:
True
nb0:
True
[root@nb0 ~]#这里的 * 必须是在 master 上已经被接受过的客户端,可以通过 salt-key 查到
远程执行命令
[root@nb0 ~]# salt '*' cmd.run 'df -h'
nb0:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 26G 22G 55% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 16K 3.9G 1% /dev/shm
tmpfs 3.9G 402M 3.5G 11% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M 24G 1% /home
tmpfs 781M 0 781M 0% /run/user/0
/dev/loop0 7.8G 7.8G 0 100% /var/ftp/iso-home
nb1:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 4.3G 44G 9% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 12K 3.9G 1% /dev/shm
tmpfs 3.9G 377M 3.5G 10% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M 24G 1% /home
tmpfs 781M 0 781M 0% /run/user/0
nb2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 4.9G 43G 11% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 12K 3.9G 1% /dev/shm
tmpfs 3.9G 401M 3.5G 11% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M 24G 1% /home
tmpfs 781M 0 781M 0% /run/user/0
[root@nb0 ~]# 首先我们要知道在安装SaltStack的时候Master 跟Minion端都分别安装了哪些文件,这样有利于我 们去了解SaltStack日后的一些日常操作。大家可以 通过以下命令查看SaltStack安装部署的时候分别安 装了哪些命令(yum安装方式)。
[root@nb0 ~]# rpm -ql salt-master
/etc/salt/master #salt master 配置文件
/usr/bin/salt #salt master 核心操作命令
/usr/bin/salt-cp #salt 文件传输命令
/usr/bin/salt-key #salt 证书管理命令
/usr/bin/salt-master #salt master 服务命令
/usr/bin/salt-run #salt master runner 命令
/usr/bin/salt-unity
/usr/lib/systemd/system/salt-master.service
/usr/share/man/man1/salt-cp.1.gz
/usr/share/man/man1/salt-key.1.gz
/usr/share/man/man1/salt-master.1.gz
/usr/share/man/man1/salt-run.1.gz
/usr/share/man/man1/salt-unity.1.gz
/usr/share/man/man7/salt.7.gz
[root@nb0 ~]#[root@nb0 ~]# salt --version
salt 2015.5.10 (Lithium)
[root@nb0 ~]#7管理对象
如果我们要维护好一个庞大的配置管理系统,那么首先得维护好我们的管理对象,在SaltStack系 统中我们的管理对象叫作Target,在Master上我们可以采用不同Target去管理不同的Minion。这些 Target都是通过去管理和匹配Minion的ID来做的一些集合。
[root@nb0 ~]# rpm -ql salt-minion
/etc/salt/minion #salt minion 配置文件
/usr/bin/salt-call #salt call 拉取命令
/usr/bin/salt-minion #salt minion 服务命令
/usr/lib/systemd/system/salt-minion.service
/usr/share/man/man1/salt-call.1.gz
/usr/share/man/man1/salt-minion.1.gz
You have mail in /var/spool/mail/root
[root@nb0 ~]# (1)正则匹配
在操作与管理Minion时可以通过正则表达式来 匹配Minion ID的方式去管理它们。 比如我们想要 对匹配到’nb*’字符串的Minion进行操作,查看各节点的IP
[root@nb0 ~]# salt 'nb*' network.ip_addrs
nb0:
- 192.168.1.160
nb1:
- 192.168.1.161
nb2:
- 192.168.1.162
[root@nb0 ~]# (2)列表匹配
-L, –list 列表匹配
[root@nb0 ~]# salt -L nb1,nb2 test.ping
nb2:
True
nb1:
True
[root@nb0 ~]# (3)Grians匹配
[root@nb0 ~]# salt -G 'os:CentOS' test.ping
nb0:
True
nb1:
True
nb2:
True
You have mail in /var/spool/mail/root
[root@nb0 ~]#其中os:CentOS,这里的对象是一组键值对, 这里用到了Minion的Grains的键值对。在后面介绍 Grains的时候会详细讲解,这里只需要知道可以通 过键值对的方式去匹配Minion ID。
-G, –grain grains 匹配
(4)组匹配
首先在master配置文件中定义组
[root@nb0 ~]# vi /etc/salt/master##### Node Groups #####
##########################################
# Node groups allow for logical groupings of minion nodes. A group consists of a group
# name and a compound target.
#nodegroups:
# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
# group2: 'G@os:Debian and foo.domain.com'L@ 和G@ 分别表示minion和grain信息 L@开通的是指定的以逗号分隔的多个minionId
|
Letter |
Match Type |
Example |
Alt Delimiter? |
|---|---|---|---|
|
G |
Grains glob |
G@os:Ubuntu |
Yes |
|
E |
PCRE Minion ID |
`E@web\d+.(dev |
qa |
|
P |
Grains PCRE |
P@os:(RedHat |
Fedora |
|
L |
List of minions |
L@minion1.example.com,minion3.domain.com or bl*.domain.com |
No |
|
I |
Pillar glob |
I@pdata:foobar |
Yes |
|
J |
Pillar PCRE |
`J@pdata:^(foo |
bar)$` |
|
S |
Subnet/IP address |
S@192.168.1.0/24 or S@192.168.1.100 |
No |
|
R |
Range cluster |
R@%foo.bar |
No |
Matchers can be joined using boolean and, or, and not operators.
修改group1:group1: 'L@nb1,nb2'
-N, –nodegroup 组匹配
(5)CIDR匹配 192.168.1.0/24是一个指定的CIDR网段,这里 CIDR匹配的IP地址是Minion连接Matser 4505端口 的来源地址。
[root@nb0 ~]# salt -S '192.168.1.0/24' test.ping
nb0:
True
nb2:
True
nb1:
True
[root@nb0 ~]# 8.管理对象属性
Grains是SaltStack组件中非常重要的组件之 一,因为我们在做配置部署的过程中会经常使用 它,Grains是SaltStack记录Minion的一些静态信息 的组件,我们可以简单地理解为Grains里面记录着 每台Minion的一些常用属性,比如CPU、内存、磁 盘、网络信息等,我们可以通过grains.items查看某 台Minion的所有Grains信息,Minions的Grains信息 是Minions启动的时候采集汇报给Master的,在实际 应用环境中我们需要根据自己的业务需求去自定义 一些Grains
8.1通过Minion配置文件定义Grains
先介绍下比较简单的Grains自定义方法,就是通过Minion配置文件定义
Minions的Grains信息是在Minions服务启动的时候汇报给Matser的,所以我们需要修改好Minion配置文 件后重启Minion服务。在Minion的/etc/salt/minion配置文件中默认有一些注释行。这里就是在Minion上 的minion配置文件中如何定义Grains信息例子。下面只需根据自动的需求按照以下格式去填写相应的 键值对就行,大家注意格式就行,SaltStack的配置文件的默认格式都是YAML格式:
# Custom static grains for this minion can be specified here and used in SLS
# files just like all other grains. This example sets 4 custom grains, with
# the 'roles' grain having two values that can be matched against.
#grains:
# roles:
# - webserver
# - memcache
# deployment: datacenter4
# cabinet: 13
# cab_u: 14-15为了统一管理Minion的Grains信息,需要把这 些注释复制到minion.d/grains文件中
自定义 grains,客户端上配置
[root@nb1 ~]# vi /etc/salt/minion# Custom static grains for this minion can be specified here and used in SLS
# files just like all other grains. This example sets 4 custom grains, with
# the 'roles' grain having two values that can be matched against.
grains:
roles:
- nginx
env:
- test
myname:
- hadron
# deployment: datacenter4
# cabinet: 13
# cab_u: 14-15重启salt-minion
[root@nb1 ~]# ps -aux|grep salt-minion
root 38792 0.0 0.1 231928 15388 pts/0 S 02:32 0:00 /usr/bin/python /usr/bin/salt-minion restart
root 38795 0.5 0.3 547648 28872 pts/0 Sl 02:32 0:00 /usr/bin/python /usr/bin/salt-minion restart
root 43928 0.3 0.1 231928 15384 pts/0 S 02:34 0:00 /usr/bin/python /usr/bin/salt-minion restart
root 43933 1.8 0.3 547648 28784 pts/0 Sl 02:34 0:00 /usr/bin/python /usr/bin/salt-minion restart
root 45693 0.0 0.0 112648 960 pts/0 S+ 02:34 0:00 grep --color=auto salt-minion
root 50604 0.0 0.1 231928 15384 pts/0 S Aug17 0:00 /usr/bin/python /usr/bin/salt-minion start
root 50607 0.0 0.3 760916 29024 pts/0 Sl Aug17 0:48 /usr/bin/python /usr/bin/salt-minion start
root 92074 0.0 0.1 231928 15388 pts/0 S 01:58 0:00 /usr/bin/python /usr/bin/salt-minion restart
root 92077 0.0 0.3 547916 26832 pts/0 Sl 01:58 0:01 /usr/bin/python /usr/bin/salt-minion restart
[root@nb1 ~]# kill 38792 43928 45693 50604
-bash: kill: (45693) - No such process
[root@nb1 ~]# ps -aux|grep salt-minion
root 43933 1.2 0.3 547648 28784 pts/0 Sl 02:34 0:00 /usr/bin/python /usr/bin/salt-minion restart
root 46529 0.0 0.0 112648 956 pts/0 S+ 02:35 0:00 grep --color=auto salt-minion
root 92074 0.0 0.1 231928 15388 pts/0 S 01:58 0:00 /usr/bin/python /usr/bin/salt-minion restart
root 92077 0.0 0.3 547916 26832 pts/0 Sl 01:58 0:02 /usr/bin/python /usr/bin/salt-minion restart
[1] Terminated salt-minion start
[3]- Terminated salt-minion restart
[4]+ Terminated salt-minion restart
[root@nb1 ~]# kill 92077 92074 43933
-bash: kill: (43933) - No such process
[root@nb1 ~]# ps -aux|grep salt-minion
root 48215 0.0 0.0 112648 960 pts/0 S+ 02:36 0:00 grep --color=auto salt-minion
[2]+ Terminated salt-minion restart
[root@nb1 ~]# salt-minion restart &
[1] 49052
[root@nb1 ~]# 服务端获取 grains
[root@nb0 ~]# salt 'nb1' grains.item role env myname
nb1:
----------
env:
- test
myname:
- hadron
role:
- nginx
[root@nb0 ~]#
[root@nb0 ~]# salt 'nb1' grains.item role
nb1:
----------
role:
- nginx
[root@nb0 ~]#注意:grains 在远程执行命令时很方便。我们可以按照 grains 的一些指标来操作。比如把所有的 web 服务器的 grains 的 role 设置为 nginx,那这样我们就可以批量对 nginx 的服务器进行操作了:
[root@nb0 ~]# salt -G role:nginx cmd.run 'hostname'
nb1:
nb1
[root@nb0 ~]# [root@nb0 ~]# salt -G os:CentOS cmd.run 'hostname'
nb1:
nb1
nb0:
nb0
nb2:
nb2
[root@nb0 ~]#8.2 pillar
pillar 和 grains 不一样,是在 master 上定义的,并且是针对 minion 定义的一些信息。像一些比较重要的数据(密码)可以存在 pillar 里,还可以定义变量等。
(1)服务端自定义配置 pillar
[root@nb0 ~]# vim /etc/salt/master找到如下内容,
#pillar_roots:
# base:
# - /srv/pillar
#去掉#号,修改为
pillar_roots:
base:
- /srv/pillar[root@nb0 ~]# mkdir /srv/pillar自定义配置文件,内容如下
[root@nb0 ~]# vim /srv/pillar/test.sls
[root@nb0 ~]# cat /srv/pillar/test.sls
conf: /etc/test123.conf
myname: hadron
[root@nb0 ~]# 总入口文件,内容如下
[root@nb0 ~]# vim /srv/pillar/top.sls
[root@nb0 ~]# cat /srv/pillar/top.sls
base:
'nb1':
- test
[root@nb0 ~]#重启master
[root@nb0 ~]# ps -aux|grep salt-master
root 29178 0.0 0.3 313076 26816 pts/3 S+ Aug17 0:00 /usr/bin/python /usr/bin/salt-master start
root 29242 0.5 0.4 407192 32856 pts/3 Sl+ Aug17 1:24 /usr/bin/python /usr/bin/salt-master start
root 29243 0.0 0.2 395004 22692 pts/3 Sl+ Aug17 0:00 /usr/bin/python /usr/bin/salt-master start
root 29244 0.0 0.3 395004 24292 pts/3 Sl+ Aug17 0:00 /usr/bin/python /usr/bin/salt-master start
root 29245 0.0 0.2 313076 22016 pts/3 S+ Aug17 0:00 /usr/bin/python /usr/bin/salt-master start
root 29250 0.0 0.3 1204752 28560 pts/3 Sl+ Aug17 0:01 /usr/bin/python /usr/bin/salt-master start
root 29251 0.0 0.3 1205064 28624 pts/3 Sl+ Aug17 0:01 /usr/bin/python /usr/bin/salt-master start
root 29252 0.0 0.3 1205068 28596 pts/3 Sl+ Aug17 0:01 /usr/bin/python /usr/bin/salt-master start
root 29255 0.0 0.3 1205068 28648 pts/3 Sl+ Aug17 0:01 /usr/bin/python /usr/bin/salt-master start
root 29258 0.0 0.3 1205072 28584 pts/3 Sl+ Aug17 0:01 /usr/bin/python /usr/bin/salt-master start
root 29261 0.0 0.2 689932 22668 pts/3 Sl+ Aug17 0:00 /usr/bin/python /usr/bin/salt-master start
root 93354 0.0 0.0 112652 960 pts/2 S+ 03:07 0:00 grep --color=auto salt-master
[root@nb0 ~]# kill 29178 29242 29243 29244 29245 29250 29251 29252 29255 29258 29261在单独终端启动
[root@nb0 ~]# salt-master start注意:当更改完 pillar 配置文件后,我们可以通过刷新 pillar 配置来获取新的 pillar 状态
[root@nb0 ~]# salt '*' saltutil.refresh_pillar
nb1:
True
nb0:
True
nb2:
True
[root@nb0 ~]# 验证
[root@nb0 ~]# salt 'nb1' pillar.items
nb1:
----------
conf:
/etc/test123.conf
myname:
hadron
[root@nb0 ~]# salt 'nb1' pillar.item conf
nb1:
----------
conf:
/etc/test123.conf
[root@nb0 ~]# salt 'nb1' pillar.item myname
nb1:
----------
myname:
hadron
[root@nb0 ~]# pillar 同样可以用来作为 salt 的匹配对象
[root@nb0 ~]# salt -I 'conf:/etc/test123.conf' test.ping
nb1:
True
[root@nb0 ~]# salt -I 'conf:/etc/test123.conf' cmd.run 'w'
nb1:
03:17:08 up 67 days, 14:25, 1 user, load average: 0.02, 0.12, 0.24
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 hadron Mon21 24:44 2.38s 0.16s -bash
[root@nb0 ~]#9. 配置管理安装Apache
下面进行的演示是远程通过 yum 方式安装 Apache。步骤如下:
(1)配置
[root@nb0 ~]# vim /etc/salt/master找到如下内容
# file_roots:
# base:
# - /srv/salt/去掉#注释
file_roots:
base:
- /srv/salt[root@nb0 ~]# mkdir /srv/salt
[root@nb0 ~]# vim /srv/salt/top.sls
[root@nb0 ~]# cat /srv/salt/top.sls
base:
'nb1':
- apache
[root@nb0 ~]#[root@nb0 ~]# vim /srv/salt/apache.sls
[root@nb0 ~]# cat /srv/salt/apache.sls
apache-service:
pkg.installed:
- names:
- httpd
- httpd-devel
service.running:
- name: httpd
- enable: True
[root@nb0 ~]#注意:apache-service 是自定义的 id 名。pkg.installed 为包安装函数,下面是要安装的包的名字。service.running 也是一个函数,来保证指定的服务启动,enable 表示开机启动。
(2)重启服务
[root@nb0 ~]# salt-master start
^C[WARNING ] Stopping the Salt Master
[WARNING ] Stopping the Salt Master
[WARNING ] Stopping the Salt Master
Exiting on Ctrl-c
Exiting on Ctrl-c
Exiting on Ctrl-c
You have mail in /var/spool/mail/root
[root@nb0 ~]# salt-master start[root@nb0 ~]# salt 'nb1' state.highstate
nb1:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 03:38:36.137884
Duration: 1250.258 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 03:38:37.388313
Duration: 33668.276 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-3.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-20.el7_2
old:
cyrus-sasl-devel:
----------
new:
2.1.26-20.el7_2
old:
httpd:
----------
new:
2.4.6-45.el7.centos.4
old:
2.4.6-45.el7.centos
httpd-devel:
----------
new:
2.4.6-45.el7.centos.4
old:
httpd-tools:
----------
new:
2.4.6-45.el7.centos.4
old:
2.4.6-45.el7.centos
openldap-devel:
----------
new:
2.4.40-13.el7
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 03:39:11.080192
Duration: 6685.669 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@nb0 ~]# 说明 Apache 远程安装已成功。
[root@nb1 ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-08-18 03:39:17 EDT; 2min 10s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 11613 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─11613 /usr/sbin/httpd -DFOREGROUND
├─11715 /usr/sbin/httpd -DFOREGROUND
├─11716 /usr/sbin/httpd -DFOREGROUND
├─11717 /usr/sbin/httpd -DFOREGROUND
├─11718 /usr/sbin/httpd -DFOREGROUND
└─11719 /usr/sbin/httpd -DFOREGROUND
Aug 18 03:39:16 nb1 systemd[1]: Starting The Apache HTTP Server...
Aug 18 03:39:16 nb1 httpd[11613]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.1.161. Set the 'ServerN...his message
Aug 18 03:39:17 nb1 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@nb1 ~]# 10.states文件
salt states的核心是sls文件,该文件使用YAML语法定义了一些k/v的数据。
sls文件存放根路径在master配置文件中定义,默认为/srv/salt,该目录在操作系统上不存在,需要手动创建。
在salt中可以通过salt://代替根路径,例如你可以通过salt://top.sls访问/srv/salt/top.sls。
在states中top文件也由master配置文件定义,默认为top.sls,该文件为states的入口文件。 一个简单的sls文件如下:
apache:
pkg.installed
service.running
- require:
- pkg: apache说明:此SLS数据确保叫做”apache”的软件包(package)已经安装,并且”apache”服务(service)正在运行中。
- 第一行,被称为ID说明(ID Declaration)。ID说明表明可以操控的名字。
- 第二行和第四行是State说明(State Declaration),它们分别使用了pkg和service states。pkg state通过系统的包管理其管理关键包,service state管理系统服务(daemon)。 在pkg及service列下边是运行的方法。方法定义包和服务应该怎么做。此处是软件包应该被安装,服务应该处于运行中。
- 第六行使用require。本方法称为”必须指令”(Requisite Statement),表明只有当apache软件包安装成功时,apache服务才启动起来
salt-master是通过写sls配置管理minion上重复指令的,服务状态等等。
salt states的核心是sls文件,该文件使用YAML语法定义了一些k/v的数据。sls文件存放根路径在master配置文件中定义,默认为/srv/salt,该目录在操作系统上不存在,需要手动创建。
[root@nb0 ~]# mkdir -p /srv/salt/base11.文件目录管理
11.1文件管理
(1)服务端配置
[root@nb0 ~]# vim /srv/salt/top.sls
[root@nb0 ~]# cat /srv/salt/top.sls
base:
'nb1':
- apache
'nb2':
- filetest
[root@nb0 ~]# 新建 filetest.sls 文件
[root@nb0 ~]# vim /srv/salt/filetest.sls
[root@nb0 ~]# cat /srv/salt/filetest.sls
file-test:
file.managed:
- name: /tmp/filetest.txt
- source: salt://test/123/1.txt
- user: root
- group: root
- mode: 644
[root@nb0 ~]# 注意:第一行的 file-test 为自定的名字,表示该配置段的名字,可以在别的配置段中引用它;source指定文件从哪里拷贝,这里的 test 目录相当于是 /srv/salt/test 目录;name指定远程客户端要生成的文件。
新建所要测试的源文件
[root@nb0 ~]# mkdir -p /srv/salt/test/123/
[root@nb0 ~]# echo "file test" > /srv/salt/test/123/1.txt
[root@nb0 ~]#执行命令:
[root@nb0 ~]# salt 'nb2' state.highstate
nb2:
----------
ID: file-test
Function: file.managed
Name: /tmp/filetest.txt
Result: True
Comment: File /tmp/filetest.txt updated
Started: 03:59:13.664379
Duration: 505.159 ms
Changes:
----------
diff:
New file
mode:
0644
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
[root@nb0 ~]# (2)客户端验证
[root@nb2 ~]# cat /tmp/filetest.txt
file test
[root@nb2 ~]# 11.2目录管理
(1)接着编辑之前的 top.sls 文件
修改为如下
[root@nb0 ~]# vim /srv/salt/top.sls
[root@nb0 ~]# cat /srv/salt/top.sls
base:
'nb1':
- apache
'nb2':
- filedir
[root@nb0 ~]#(2)新建 filedir.sls 文件
[root@nb0 ~]# vim /srv/salt/filedir.sls
[root@nb0 ~]# cat /srv/salt/filedir.sls
file-dir:
file.recurse:
- name: /tmp/testdir
- source: salt://test/123
- user: root
- file_mode: 644
- dir_mode: 755
- mkdir: True
- clean: True
[root@nb0 ~]#clean: True 源删除文件或目录,目标也会跟着删除,否则不会删除。可以默认设置为 False
(3)新建所要测试的源目录
/srv/salt/test/123已经存在,且有一个文件
[root@nb0 ~]# ls /srv/salt/test/123
1.txt
[root@nb0 ~]# cat /srv/salt/test/123/1.txt
file test(4)执行命令
[root@nb0 ~]# salt 'nb2' state.highstate
nb2:
----------
ID: file-dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 01:38:38.129930
Duration: 392.34 ms
Changes:
----------
/tmp/testdir/1.txt:
----------
diff:
New file
mode:
0644
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
[root@nb0 ~]#(5)客户端验证
[root@nb2 ~]# ls /tmp
filetest.txt Jetty_0_0_0_0_16010_master____.6nvknp Jetty_localhost_40934_datanode____.k20t6j
hadoop-root-journalnode.pid Jetty_0_0_0_0_16030_regionserver____.45q9os Jetty_nb2_50070_hdfs____xjgcrn
hadoop-unjar4050493136279788948 Jetty_0_0_0_0_8042_node____19tj0x systemd-private-bd8f0cf7c19147208fb1f2948ed5483f-vmtoolsd.service-LQvsNz
hsperfdata_root Jetty_0_0_0_0_8480_journal____.8g4awa testdir
[root@nb2 ~]# ls /tmp/testdir/
1.txt
[root@nb2 ~]# (6)测试增删功能
在服务端新建newDir目录以及文件a,删除1.txt 文件
[root@nb0 ~]# cd /srv/salt/test/123
[root@nb0 123]# mkdir newDir
[root@nb0 123]# echo "Hello" > newDir/a
[root@nb0 123]# rm -rf 1.txt(7)再次执行命令
[root@nb0 ~]# salt 'nb2' state.highstate
nb2:
----------
ID: file-dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 01:45:59.688250
Duration: 442.358 ms
Changes:
----------
/tmp/testdir/newDir:
----------
/tmp/testdir/newDir:
New Dir
/tmp/testdir/newDir/a:
----------
diff:
New file
mode:
0644
removed:
- /tmp/testdir/1.txt
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
[root@nb0 ~]#(8)再次验证
[root@nb2 ~]# ls /tmp/testdir/
newDir
[root@nb2 ~]# ls /tmp/testdir/newDir/
a
[root@nb2 ~]#注意的是要成功创建newDir目录,前提是newDir目录下要有文件;如若没有,客户端是不会创建newDir目录的。
12.远程执行
前面提到远程执行命令 test.ping,cmd.run,点前面的是模块,点后面的是函数;这样总归是不太规范化,下面详细介绍怎么远程执行命令和脚本。
12.1远程执行命令
(1)接着编辑之前的 top.sls 文件
[root@nb0 ~]# vim /srv/salt/top.sls
[root@nb0 ~]# cat /srv/salt/top.sls
base:
'nb1':
- cmdtest
'nb2':
- filedir
[root@nb0 ~]# (2)新建 cmdtest.sls 文件
[root@nb0 ~]# vim /srv/salt/cmdtest.sls
[root@nb0 ~]# cat /srv/salt/cmdtest.sls
cmd-test:
cmd.run:
- onlyif: test -f /tmp/1.txt
- names:
- touch /tmp/cmdtest.txt
- mkdir /tmp/cmdtest
- user: root
[root@nb0 ~]# 条件 onlyif 表示若 /tmp/1.txt文件存在,则执行后面的命令;可以使用 unless,两者正好相反。
[root@nb1 ~]# echo "hello" > /tmp/1.txt
[root@nb1 ~]# cat /tmp/1.txt
hello
[root@nb1 ~]#(3)执行命令
[root@nb0 ~]# salt 'nb1' state.highstate
nb1:
----------
ID: cmd-test
Function: cmd.run
Name: touch /tmp/cmdtest.txt
Result: True
Comment: Command "touch /tmp/cmdtest.txt" run
Started: 02:23:07.347360
Duration: 565.866 ms
Changes:
----------
pid:
7209
retcode:
0
stderr:
stdout:
----------
ID: cmd-test
Function: cmd.run
Name: mkdir /tmp/cmdtest
Result: True
Comment: Command "mkdir /tmp/cmdtest" run
Started: 02:23:07.913505
Duration: 208.682 ms
Changes:
----------
pid:
7245
retcode:
0
stderr:
stdout:
Summary
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
[root@nb0 ~]#(4)验证
[root@nb1 ~]# ll /tmp|grep cmd
drwxr-xr-x 2 root root 6 Aug 21 02:23 cmdtest
-rw-r--r-- 1 root root 0 Aug 21 02:23 cmdtest.txt
[root@nb1 ~]# 12.2 远程执行脚本
(1)接着编辑之前的 top.sls 文件
[root@nb0 ~]# vim /srv/salt/top.sls
[root@nb0 ~]# cat /srv/salt/top.sls
base:
'nb1':
- cmdtest
'nb2':
- shelltest
[root@nb0 ~]# (2)新建 shelltest.sls 文件
[root@nb0 ~]# vim /srv/salt/shelltest.sls
[root@nb0 ~]# cat /srv/salt/shelltest.sls
shell-test:
cmd.script:
- source: salt://test/1.sh
- user: root
[root@nb0 ~]# (3)新建 1.sh 脚本文件
[root@nb0 ~]# vim /srv/salt/test/1.sh
[root@nb0 ~]# cat /srv/salt/test/1.sh
#!/bin/bash
touch /tmp/shelltest.txt
if [ -d /tmp/shelltest ]
then
rm -rf /tmp/shelltest
else
mkdir /tmp/shelltest
fi
[root@nb0 ~]#(4)执行命令
[root@nb0 ~]# salt 'nb2' state.highstate
nb2:
----------
ID: shell-test
Function: cmd.script
Result: True
Comment: Command 'shell-test' run
Started: 02:35:33.341722
Duration: 585.072 ms
Changes:
----------
pid:
48228
retcode:
0
stderr:
stdout:
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
[root@nb0 ~]# (5)客户端验证
[root@nb2 ~]# ll /tmp|grep shell
drwxr-xr-x 2 root root 6 Aug 21 02:35 shelltest
-rw-r--r-- 1 root root 0 Aug 21 02:35 shelltest.txt
[root@nb2 ~]# 通过上面的例子,我们实现了远程执行脚本;如果我们想一键远程安装 LAMP 或者 LNMP,那么只需把本例中的 1.sh 脚本替换成 一键安装的脚本就行。
13.管理任务计划
13.1 建立 cron
(1)编辑 top.sls 文件
[root@nb0 ~]# vim /srv/salt/top.sls
[root@nb0 ~]# cat /srv/salt/top.sls
base:
'nb1':
- crontest
'nb2':
- shelltest
[root@nb0 ~]#(2)编辑 crontest.sls 文件
[root@nb0 ~]# vim /srv/salt/crontest.sls
[root@nb0 ~]# cat /srv/salt/crontest.sls
cron-test:
cron.present:
- name: /bin/touch /tmp/111.txt
- user: root
- minute: '*'
- hour: 20
- daymonth: 1-10
- month: '3,5'
- dayweek: '*'
[root@nb0 ~]#注意,*需要用单引号引起来。当然我们还可以使用 file.managed 模块来管理 cron,因为系统的 cron都是以配置文件的形式存在的。
(3)执行命令
[root@nb0 ~]# salt 'nb1' state.highstate
nb1:
----------
ID: cron-test
Function: cron.present
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
Started: 02:47:51.454886
Duration: 1478.963 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
[root@nb0 ~]# (4)客户端验证
[root@nb1 ~]# crontab -l
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.160
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 1-10 3,5 * /bin/touch /tmp/111.txt
[root@nb1 ~]# 13.2 删除 cron
(1)修改 crontest.sls 文件 把 cron.present: 改成 cron.absent: 注意:两者不能共存,要想删除一个 cron,那之前的 present 就得替换掉或者删除掉。
[root@nb0 ~]# vim /srv/salt/crontest.sls
[root@nb0 ~]# cat /srv/salt/crontest.sls
cron-test:
cron.absent:
- name: /bin/touch /tmp/111.txt
- user: root
- minute: '*'
- hour: 20
- daymonth: 1-10
- month: '3,5'
- dayweek: '*'
[ro
ot@nb0 ~]#(2)执行命令
[root@nb0 ~]# salt 'nb1' state.highstate
nb1:
----------
ID: cron-test
Function: cron.absent
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt removed from root's crontab
Started: 02:56:03.583557
Duration: 29.663 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
[root@nb0 ~]# (3)客户端验证
[root@nb1 ~]# crontab -l
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.81
00 03 * * * ntpdate 192.168.1.160
# Lines below here are managed by Salt, do not edit
[root@nb1 ~]#14.Saltstack 常用命令
14.1拷贝文件到客户端
[root@nb0 ~]# salt 'nb1' cp.get_file salt://apache.sls /tmp/cp.txt
nb1:
/tmp/cp.txt
[root@nb0 ~]#[root@nb1 ~]# cat /tmp/cp.txt
apache-service:
pkg.installed:
- names:
- httpd
- httpd-devel
service.running:
- name: httpd
- enable: True
[root@nb1 ~]# 14.2 拷贝目录到客户端
[root@nb0 ~]# salt 'nb1' cp.get_dir salt://test /tmp
nb1:
- /tmp/test/1.sh
- /tmp/test/123/newDir/a
[root@nb0 ~]# [root@nb1 ~]# ll /tmp/test/
total 4
drwxr-xr-x 3 root root 20 Aug 21 03:02 123
-rw-r--r-- 1 root root 126 Aug 21 03:02 1.sh
[root@nb1 ~]#14.3 显示存活的客户端
[root@nb0 ~]# salt-run manage.up
- nb0
- nb1
- nb2
[root@nb0 ~]# 14.4 命令下执行服务端的脚本
[root@nb0 ~]# vim /srv/salt/test/shell.sh
[root@nb0 ~]# cat /srv/salt/test/shell.sh
#! /bin/bash
echo "hadron.cn" > /tmp/shell.txt
[root@nb0 ~]# [root@nb0 ~]# salt 'nb2' cmd.script salt://test/shell.sh
nb2:
----------
pid:
86257
retcode:
0
stderr:
stdout:
[root@nb0 ~]# [root@nb2 ~]# cat /tmp/shell.txt
hadron.cn
[root@nb2 ~]# 15.问题
[root@nb0 ~]# salt-master start
[ERROR ] An extra return was detected from minion nb1, please verify the minion, this could be a replay attack
[ERROR ] An extra return was detected from minion nb1, please verify the minion, this could be a replay attack执行一次命令,返回两个值
[root@nb0 ~]# salt '*' cmd.run 'df -h'
nb1:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 4.3G 44G 9% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 24K 3.9G 1% /dev/shm
tmpfs 3.9G 385M 3.5G 10% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M 24G 1% /home
tmpfs 781M 0 781M 0% /run/user/0
nb1:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 4.3G 44G 9% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 24K 3.9G 1% /dev/shm
tmpfs 3.9G 385M 3.5G 10% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M 24G 1% /home
tmpfs 781M 0 781M 0% /run/user/0
nb0:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 48G 27G 22G 55% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 16K 3.9G 1% /dev/shm
tmpfs 3.9G 394M 3.5G 11% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 139M 876M 14% /boot
/dev/mapper/cl-home 24G 33M 24G 1% /home
tmpfs 781M 0 781M 0% /run/user/0
/dev/loop0 7.8G 7.8G 0 100% /var/ftp/iso-home
[root@nb0 ~]#问题产生的原因在node2节点上重复启动
[root@nb1 ~]# salt-minion start
^C[WARNING ] Stopping the Salt Minion
[WARNING ] Exiting on Ctrl-c
[root@nb1 ~]# ctrl+c终止第二次的salt-minion启动即可。
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
