Introduction to SaltStack
Official repository: http://repo.saltstack.com/ (describes the installation method for each operating system)
CentOS 6 repository

    yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm

CentOS 7 repository

    yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch.rpm

http://repo.saltstack.com/yum/redhat/7/x86_64
Written in Python; provides a REST API.
Three main functions: remote execution, configuration management (states), cloud management
Alternatives: Puppet (Ruby), Ansible (Python)
Four run modes: Local, Minion/Master (C/S), Syndic (a proxy, similar to zabbix proxy), Salt SSH
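Quick installation
- Installation
Server

    yum install salt-master salt-minion -y

Client

    yum install salt-minion -y

Start the server

    systemctl start salt-master

Configure the client

    vim /etc/salt/minion

    master: 192.168.137.11   # address of the master
    id:                      # unique identifier of each host; defaults to the hostname if not set

Start the client

    systemctl start salt-minion

After startup, a minion_id file is generated under /etc/salt; by default it contains the hostname.
If you change the id, you must delete minion_id.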
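- PKI files after the master and minion start
The first time the minion starts, it creates a pki directory under /etc/salt,
containing the minion's public key minion.pub and private key minion.pem.
The first time the master starts, it creates a pki directory under /etc/salt,
containing the master's public key master.pub and private key master.pem.
linux-node1.example.com and linux-node2.example.com are the minions' public keys; each file is named after the minion id.
minions_pre is the pre-authentication directory.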
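- Authentication

    salt-key

Accepted Keys: keys that have been accepted
Denied Keys: keys that have been rejected
Unaccepted Keys: keys that have not yet been authenticated

    salt-key -a linux-node1.example.com

Marks the minion linux-node1.example.com as trusted.

    salt-key -a linux*   # wildcard

Options: -a: accept, -A: accept-all, -d: delete, -D: delete-all
Both minions are now authenticated. Looking at the master's pki directory again, the minions' public key files have been moved into the minions directory.
Looking at the minion's pki directory again, there is now a minion_master.pub public key file.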
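Accepting keys by wildcard trusts whatever is waiting in minions_pre, so each pending key should first be matched against a fingerprint recorded on the minion itself (for example with `salt-call --local key.finger`; the master's view is `salt-key -f <id>`). The following Python script is an added example, not code from the original post or from Salt, that classifies pending keys against such a list. Assumptions: `pem_fingerprint` and `audit_pending` are hypothetical helpers, the fingerprint format (SHA-256 over the PEM body, colon-separated) is assumed to match what your Salt version prints, and the key files are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def pem_fingerprint(pem_path, hash_type="sha256"):
    """Hash the PEM body (BEGIN/END lines dropped) as colon-separated hex."""
    lines = [ln for ln in Path(pem_path).read_bytes().splitlines(keepends=True)
             if ln.strip()]
    digest = hashlib.new(hash_type, b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_pending(pki_dir, expected):
    """Classify every key waiting in minions_pre against known-good fingerprints."""
    report = {"verified": [], "mismatch": [], "unknown": []}
    for key_file in sorted((Path(pki_dir) / "minions_pre").iterdir()):
        minion_id = key_file.name                  # key files are named after the minion id
        if minion_id not in expected:
            report["unknown"].append(minion_id)    # nobody vouched for this host
        elif pem_fingerprint(key_file) == expected[minion_id]:
            report["verified"].append(minion_id)   # safe to `salt-key -a <id>`
        else:
            report["mismatch"].append(minion_id)   # right id, wrong key: investigate
    return report


def build_demo_tree(root):
    """Constructed sample data: a fake master pki tree with three pending keys."""
    pre = Path(root) / "minions_pre"
    pre.mkdir(parents=True)
    for name, body in [("linux-node1.example.com", "QUJDREVGRw=="),
                       ("linux-node2.example.com", "SElKS0xNTg=="),
                       ("linux-node9.example.com", "T1BRUlNUVQ==")]:
        (pre / name).write_text(
            f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n")
    # Fingerprints as an operator would have recorded them on each minion.
    return {"linux-node1.example.com": pem_fingerprint(pre / "linux-node1.example.com"),
            "linux-node2.example.com": ":".join(["00"] * 32)}


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        return audit_pending(root, build_demo_tree(root))


if __name__ == "__main__":
    for status, ids in run_demo().items():
        print(f"{status}: {ids}")
```

On a real master, `pki_dir` would be the master's pki directory (typically /etc/salt/pki/master); only the ids reported as verified should be passed to `salt-key -a`.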
- Remote execution
Syntax: command target module.function arguments
Check the status of all hosts

    salt '*' test.ping

Check the status of a specific host

    salt "linux-node2.example.com" test.ping

Run a shell command remotely on a specific host

    salt "linux-node2.example.com" cmd.run "ls -lrt /root"

Restart the zabbix agent on all hosts

    salt "*" cmd.run "systemctl restart zabbix-agent"

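- State module
A state is written as a description file. Format: YAML; file extension: .sls
Introduction to YAML (important)
YAML is a recursive acronym for "YAML Ain't a Markup Language". (See the Baidu Baike entry for details.)
Format: data structures are presented in an outline-like indented form. Structure is expressed through indentation, consecutive items are marked with a dash "-", and key/value pairs in a map are separated by a colon ":".
An example follows:
Salt's guide to understanding YAML: https://docs.saltstack.com/en/latest/topics/yaml/index.html
Salt's three YAML rules:
1) Indentation: use 2 spaces; the Tab key must not be used.
2) Colons: used together with indentation, and in key/value pairs (with a space between the colon and the value).
3) Dashes: a space is required between the dash and the value that follows.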
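The three rules above can be checked mechanically before a state file is pushed to minions. The following Python linter is an added example, not part of the original post or of Salt, run against this page's apache.sls and a broken variant. Assumptions: `lint_sls` is a hypothetical helper, the checks are line-based heuristics rather than a YAML parser (Jinja templating is not handled), and the broken sample is constructed.

```python
import re

# "key:value" with no space after the colon (URLs such as salt:// are skipped)
KEY_NO_SPACE = re.compile(r"^\s*(?:- )?[\w.'\"-]+:(?!//)\S")
# "-item" instead of "- item" ("---" document markers are skipped)
DASH_NO_SPACE = re.compile(r"^\s*-[^\s-]")

# The apache.sls from this page, laid out according to the three rules.
GOOD_SLS = """\
apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
apache-service:
  service.running:
    - name: httpd
    - enable: True
"""

# Constructed broken variant: tab indent, "-names", 3-space indent, "name:httpd".
BAD_SLS = ("apache-install:\n\tpkg.installed:\n    -names:\n      - httpd\n"
           "apache-service:\n   service.running:\n    - name:httpd\n")


def lint_sls(text):
    """Return (line_number, message) for each violation of the three rules."""
    problems = []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()        # ignore trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = line[:len(line) - len(line.lstrip())]
        if "\t" in indent:
            problems.append((num, "tab in indentation"))
        elif len(indent) % 2:
            problems.append((num, "indentation is not a multiple of 2 spaces"))
        if KEY_NO_SPACE.search(line):
            problems.append((num, "missing space after colon"))
        if DASH_NO_SPACE.search(line):
            problems.append((num, "missing space after dash"))
    return problems


if __name__ == "__main__":
    for num, message in lint_sls(BAD_SLS):
        print(f"line {num}: {message}")
```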
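- Master configuration

    vim /etc/salt/master

    file_roots   # defines the configuration file paths for the base, test, canary and production environments; the name "base" cannot be changed

Restart the master

    systemctl restart salt-master

Create the configuration directory

    cd /srv
    mkdir salt
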
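- Creating an sls file
apache.sls, placed in the /srv/salt/web directory

    apache-install:          # user-defined id (name)
      pkg.installed:         # state module shipped with Salt, written as module.function
        - names:             # arguments
          - httpd
          - httpd-devel
    apache-service:          # user-defined id (name)
      service.running:       # state module shipped with Salt, written as module.function
        - name: httpd        # arguments
        - enable: True

Apply this file

    salt "*" state.sls web.apache

Execution flow:
1) The master sends this file to the minion.
2) The minion stores it under /var/cache/salt/minion.
3) The minion executes the file from top to bottom.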
Result of the run

    linux-node2.example.com:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: The following packages were installed/updated: httpd
         Started: 13:12:23.142622
        Duration: 103093.75 ms
         Changes:
                  ----------
                  apr:
                      ----------
                      new:
                          1.4.8-3.el7
                      old:
                  apr-util:
                      ----------
                      new:
                          1.5.2-6.el7
                      old:
                  httpd:
                      ----------
                      new:
                          2.4.6-40.el7.centos.4
                      old:
                  httpd-tools:
                      ----------
                      new:
                          2.4.6-40.el7.centos.4
                      old:
                  mailcap:
                      ----------
                      new:
                          2.1.41-2.el7
                      old:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd-devel
          Result: True
         Comment: The following packages were installed/updated: httpd-devel
         Started: 13:14:06.266419
        Duration: 75699.845 ms
         Changes:
                  ----------
                  apr-devel:
                      ----------
                      new:
                          1.4.8-3.el7
                      old:
                  apr-util-devel:
                      ----------
                      new:
                          1.5.2-6.el7
                      old:
                  cyrus-sasl-devel:
                      ----------
                      new:
                          2.1.26-20.el7_2
                      old:
                  expat-devel:
                      ----------
                      new:
                          2.1.0-8.el7
                      old:
                  httpd-devel:
                      ----------
                      new:
                          2.4.6-40.el7.centos.4
                      old:
                  libdb-devel:
                      ----------
                      new:
                          5.3.21-19.el7
                      old:
                  openldap-devel:
                      ----------
                      new:
                          2.4.40-9.el7_2
                      old:
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd has been enabled, and is running
         Started: 13:15:22.549732
        Duration: 509.773 ms
         Changes:
                  ----------
                  httpd:
                      True

    Summary for linux-node2.example.com
    ------------
    Succeeded: 3 (changed=3)
    Failed: 0
    ------------
    Total states run: 3
    Total run time: 179.303 s
    linux-node1.example.com:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: Package httpd is already installed
         Started: 21:12:17.773014
        Duration: 1030.017 ms
         Changes:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd-devel
          Result: True
         Comment: The following packages were installed/updated: httpd-devel
         Started: 21:12:18.803216
        Duration: 179505.346 ms
         Changes:
                  ----------
                  apr-devel:
                      ----------
                      new:
                          1.4.8-3.el7
                      old:
                  apr-util-devel:
                      ----------
                      new:
                          1.5.2-6.el7
                      old:
                  cyrus-sasl-devel:
                      ----------
                      new:
                          2.1.26-20.el7_2
                      old:
                  expat-devel:
                      ----------
                      new:
                          2.1.0-8.el7
                      old:
                  httpd-devel:
                      ----------
                      new:
                          2.4.6-40.el7.centos.4
                      old:
                  libdb-devel:
                      ----------
                      new:
                          5.3.21-19.el7
                      old:
                  openldap-devel:
                      ----------
                      new:
                          2.4.40-9.el7_2
                      old:
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: The service httpd is already running
         Started: 21:15:18.523234
        Duration: 62.391 ms
         Changes:

    Summary for linux-node1.example.com
    ------------
    Succeeded: 3 (changed=1)
    Failed: 0
    ------------
    Total states run: 3
    Total run time: 180.598 s

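- top file
The default file name is top.sls. It lives in the base directory, which is set by the file_roots configuration option.
The top.sls file makes it possible to apply different sls files to different minions.

    base:                            # fixed name, required
      'linux-node1.example.com':     # minion id
        - web.apache                 # apache.sls
      'linux-node2.example.com':
        - web.apache

    salt "*" state.highstate

The command above runs the highstate. It only reads the entry file top.sls and applies states according to the contents of that file.
Using * is not recommended in production. Target specific hosts, and do a test run first:

    salt "linux-node1.example.com" state.highstate test=True

Once the test run looks correct, apply it:

    salt "linux-node1.example.com" state.highstate
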