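SaltStack: return and job management
SaltStack components: return
The return flow
With return, a job is triggered on the Master; after the Minion receives and processes the job, it connects directly to the return storage server and writes the return data there. Pay attention to this point: because the Minion is the one operating on the storage server throughout, the configuration and dependency packages on the Minion side must be correct. This means the dependency package for the chosen return method has to be installed on every Minion. If MySQL is used as the return storage, the python-mysql module must be installed on every Minion.
Using MySQL as the return storage method
Install the Mysql-python module on all minions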
[root@master ~]# salt '*' pkg.install python3-PyMySQL
minion1:
    ----------
    python3-PyMySQL:
        ----------
        new:
            0.10.1-2.module_el8.5.0+761+faacb0fb
        old:
    python3-cffi:
        ----------
        new:
            1.11.5-5.el8
        old:
    python3-cryptography:
        ----------
        new:
            3.2.1-5.el8
        old:
    python3-pycparser:
        ----------
        new:
            2.14-14.el8
        old:
Deploy a MySQL server to act as the storage server
#Create the database and table structure
[root@minion1 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE `salt`
-> DEFAULT CHARACTER SET utf8
-> DEFAULT COLLATE utf8_general_ci;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> USE `salt`;
Database changed
MariaDB [salt]> DROP TABLE IF EXISTS `jids`;
Query OK, 0 rows affected, 1 warning (0.001 sec)
MariaDB [salt]> CREATE TABLE `jids` (
-> `jid` varchar(255) NOT NULL,
-> `load` mediumtext NOT NULL,
-> UNIQUE KEY `jid` (`jid`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.005 sec)
MariaDB [salt]> DROP TABLE IF EXISTS `salt_returns`;
Query OK, 0 rows affected, 1 warning (0.000 sec)
MariaDB [salt]> CREATE TABLE `salt_returns` (
-> `fun` varchar(50) NOT NULL,
-> `jid` varchar(255) NOT NULL,
-> `return` mediumtext NOT NULL,
-> `id` varchar(255) NOT NULL,
-> `success` varchar(10) NOT NULL,
-> `full_ret` mediumtext NOT NULL,
-> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-> KEY `id` (`id`),
-> KEY `jid` (`jid`),
-> KEY `fun` (`fun`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.004 sec)
MariaDB [salt]> DROP TABLE IF EXISTS `salt_events`;
Query OK, 0 rows affected, 1 warning (0.000 sec)
MariaDB [salt]> CREATE TABLE `salt_events` (
-> `id` BIGINT NOT NULL AUTO_INCREMENT,
-> `tag` varchar(255) NOT NULL,
-> `data` mediumtext NOT NULL,
-> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-> `master_id` varchar(255) NOT NULL,
-> PRIMARY KEY (`id`),
-> KEY `tag` (`tag`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.004 sec)
#Configure access permissions
MariaDB [salt]> grant all on salt.* to salt@'192.168.11.%' identified by 'salt';
Query OK, 0 rows affected (0.000 sec)
MariaDB [salt]> flush privileges;
Query OK, 0 rows affected (0.000 sec)
Configure the minion
[root@minion1 ~]# vim /etc/salt/minion
mysql.host: '192.168.11.132'
mysql.user: 'salt'
mysql.pass: 'salt'  # must match the password set in the GRANT statement above
mysql.db: 'salt'
mysql.port: 3306
[root@minion1 ~]# systemctl restart salt-minion
Test storing to MySQL from the Master
[root@master ~]# salt '*' test.ping --return mysql
minion1:
True
Query the database
MariaDB [salt]> select * from salt_returns\G
*************************** 1. row ***************************
fun: test.ping
jid: 20210708111512943887
return: true
id: minion1
success: 1
full_ret: {"success": true, "return": true, "retcode": 0, "jid": "20210708111512943887", "fun": "test.ping", "fun_args": [], "id": "minion1"}
alter_time: 2021-07-08 10:15:13
1 row in set (0.001 sec)
job cache
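job cache flow
With return, the Minion interacts directly with the storage server, so the module for the chosen storage method, such as python-mysql, has to be installed on every Minion. Can the returned results instead be written to the storage server directly from the Master?
Yes. This approach is called job cache. When the Minion returns its result to the Master, the Master caches the result locally and then stores the cached result on the specified storage server, for example in MySQL.
Enable master_job_cache on the master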
[root@master ~]# yum -y install python3-PyMySQL
[root@master ~]# vim /etc/salt/master
#return: mysql
master_job_cache: mysql
mysql.host: '192.168.11.132'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
[root@master ~]# systemctl restart salt-master
Clear the table contents on the database server
[root@minion1 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> delete from salt.salt_returns;
Query OK, 1 row affected (0.003 sec)
MariaDB [(none)]> select * from salt.salt_returns;
Empty set (0.000 sec)
Test again from the master whether results are stored in the database
[root@master ~]# salt '*' test.ping
minion1:
True
[root@master ~]# salt '*' cmd.run 'df -h'
minion1:
Filesystem Size Used Avail Use% Mounted on
devtmpfs 371M 0 371M 0% /dev
tmpfs 391M 60K 391M 1% /dev/shm
tmpfs 391M 5.6M 385M 2% /run
tmpfs 391M 0 391M 0% /sys/fs/cgroup
/dev/mapper/cs-root 17G 2.4G 15G 14% /
/dev/sda1 1014M 197M 818M 20% /boot
tmpfs 79M 0 79M 0% /run/user/0
Query the database
MariaDB [(none)]> select * from salt.salt_returns\G
*************************** 1. row ***************************
fun: test.ping
jid: 20210708102915735967
return: true
id: minion1
success: 1
full_ret: {"cmd": "_return", "id": "minion1", "success": true, "return": true, "retcode": 0, "jid": "20210708102915735967", "fun": "test.ping", "fun_args": [], "_stamp": "2021-07-08T10:29:16.012229"}
alter_time: 2021-07-08 10:29:16
*************************** 2. row ***************************
fun: cmd.run
jid: 20210708113142767729
return: "Filesystem Size Used Avail Use% Mounted on\ndevtmpfs 371M 0 371M 0% /dev\ntmpfs 391M 60K 391M 1% /dev/shm\ntmpfs 391M 5.6M 385M 2% /run\ntmpfs 391M 0 391M 0% /sys/fs/cgroup\n/dev/mapper/cs-root 17G 2.4G 15G 14% /\n/dev/sda1 1014M 197M 818M 20% /boot\ntmpfs 79M 0 79M 0% /run/user/0"
id: minion1
success: 1
full_ret: {"cmd": "_return", "id": "minion1", "success": true, "return": "Filesystem Size Used Avail Use% Mounted on\ndevtmpfs 371M 0 371M 0% /dev\ntmpfs 391M 60K 391M 1% /dev/shm\ntmpfs 391M 5.6M 385M 2% /run\ntmpfs 391M 0 391M 0% /sys/fs/cgroup\n/dev/mapper/cs-root 17G 2.4G 15G 14% /\n/dev/sda1 1014M 197M 818M 20% /boot\ntmpfs 79M 0 79M 0% /run/user/0", "retcode": 0, "jid": "20210708103142767729", "fun": "cmd.run", "fun_args": ["df -h"], "_stamp": "2021-07-08T10:31:42.907160"}
alter_time: 2021-07-08 10:31:42
2 rows in set (0.000 sec)
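An added example (not from the original post): a small audit over rows shaped like the salt_returns table above. It decodes the jid into its timestamp and flags command-execution jobs, failures, and rows whose columns disagree with full_ret. The rows are constructed, the function names are hypothetical, and treating a missing "cmd": "_return" as "not written by the master job cache" is a heuristic inferred only from the two sample outputs on this page.

```python
import json
from datetime import datetime

# Salt execution functions that run arbitrary commands on a minion.
EXEC_FUNS = {"cmd.run", "cmd.run_all", "cmd.shell", "cmd.script"}

# Constructed sample rows carrying the salt_returns columns used below.
ROWS = [
    {"fun": "test.ping", "jid": "20210708102915735967", "id": "minion1",
     "full_ret": '{"cmd": "_return", "id": "minion1", "success": true, '
                 '"retcode": 0, "jid": "20210708102915735967", '
                 '"fun": "test.ping", "fun_args": []}'},
    {"fun": "cmd.run", "jid": "20210708103142767729", "id": "minion1",
     "full_ret": '{"cmd": "_return", "id": "minion1", "success": true, '
                 '"retcode": 0, "jid": "20210708103142767729", '
                 '"fun": "cmd.run", "fun_args": ["df -h"]}'},
    {"fun": "cmd.run", "jid": "20210708120000000001", "id": "minion1",
     "full_ret": '{"id": "minion1", "success": false, "retcode": 127, '
                 '"jid": "20210708120000000002", "fun": "cmd.run", '
                 '"fun_args": ["nosuchcmd"]}'},
]


def jid_time(jid):
    """A jid is the job's start time formatted as YYYYMMDDHHMMSSffffff."""
    return datetime.strptime(jid, "%Y%m%d%H%M%S%f")


def audit(rows):
    """Return (jid, minion, finding) tuples for rows worth a second look."""
    findings = []
    for row in rows:
        ret = json.loads(row["full_ret"])
        if ret.get("jid") != row["jid"] or ret.get("fun") != row["fun"]:
            findings.append((row["jid"], row["id"], "columns disagree with full_ret"))
        if ret.get("fun") in EXEC_FUNS:
            findings.append((row["jid"], row["id"], f"command: {ret.get('fun_args')}"))
        if not ret.get("success") or ret.get("retcode", 0) != 0:
            findings.append((row["jid"], row["id"], f"failed, retcode {ret.get('retcode')}"))
        # Heuristic from this page's samples: job-cache rows carry "cmd": "_return".
        if ret.get("cmd") != "_return":
            findings.append((row["jid"], row["id"], "not written via master job cache"))
    return findings


if __name__ == "__main__":
    for jid, minion, finding in audit(ROWS):
        print(jid_time(jid).isoformat(), minion, finding)
```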
job management
Get the jid of a job
[root@master ~]# salt '*' cmd.run 'uptime' -v
Executing job with jid 20210708113359612982
-------------------------------------------
minion1:
10:33:59 up 38 min, 1 user, load average: 0.08, 0.02, 0.01
Get the job's return result by jid
[root@master ~]# salt-run jobs.lookup_jid 20210708113359612982
minion1:
10:33:59 up 38 min, 1 user, load average: 0.08, 0.02, 0.01
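SaltStack: salt-ssh
Remote management methods in salt-ssh
salt-ssh can manage remote hosts in two ways: one records every client's information in a configuration file, such as IP address, port, username, password and whether sudo is supported; the other uses keys, so no password has to be entered.
Managing with salt-ssh
Install salt-ssh on the master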
[root@master ~]# yum -y install salt-ssh
Remote management over SSH with a username and password
Edit the configuration file and add the managed host's information
[root@master ~]# vim /etc/salt/roster
minion2:
  host: 192.168.11.122
  user: fred
  passwd: root
The first connection prompts for yes/no, but saltstack does not support interactive operation, so to get around this we configure the system to skip host verification.
[root@master ~]# vim ~/.ssh/config
StrictHostKeyChecking no
Test connectivity
[root@master ~]# salt-ssh '*' -r 'dnf -y install python3'
[root@master ~]# salt-ssh '*' test.ping
minion2:
True
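An added check (not from the original post) that lints a roster and an SSH client config like the ones above for the two settings that weaken trust in this setup: a cleartext passwd entry in the roster, and StrictHostKeyChecking no, which turns off SSH host key verification. The function names are hypothetical, and the minion3 entry with a priv key path is constructed to show a key-based target passing the check.

```python
import re

# Constructed inputs mirroring the roster and SSH client config shown above.
ROSTER = """\
minion2:
  host: 192.168.11.122
  user: fred
  passwd: root
minion3:
  host: 192.168.11.123
  user: salt
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa
"""
SSH_CONFIG = "StrictHostKeyChecking no\n"


def parse_roster(text):
    """Minimal parser for the flat 'target: {key: value}' roster layout."""
    targets, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():
            # Unindented line: start of a new roster target.
            current = targets.setdefault(key, {})
        elif current is not None:
            current[key] = value.strip()
    return targets


def lint(roster_text, ssh_config_text):
    """Return a list of human-readable findings, empty when both files pass."""
    issues = []
    for name, opts in parse_roster(roster_text).items():
        if "passwd" in opts:
            issues.append(f"{name}: cleartext passwd in roster")
    # ssh_config accepts 'Keyword value' and 'Keyword=value'; 'off' means 'no'.
    pattern = r"(?im)^\s*StrictHostKeyChecking[ \t=]+(no|off)\b"
    if re.search(pattern, ssh_config_text):
        issues.append("ssh config: host key verification disabled")
    return issues


if __name__ == "__main__":
    for issue in lint(ROSTER, SSH_CONFIG):
        print(issue)
```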
Initialize the system and install salt-minion through salt-ssh
Run state commands to initialize the system and install salt-minion
[root@master ~]# mkdir -p /srv/salt/base/{repo,files}
[root@master ~]# cp /etc/yum.repos.d/salt.repo /srv/salt/base/repo/salt.repo
[root@master ~]# cp /etc/salt/minion /srv/salt/base/files/
[root@master ~]# vim /srv/salt/base/repo.sls
salt_repo:
  file.managed:
    - name: /etc/yum.repos.d/salt.repo
    - source: salt://repo/salt.repo
    - user: root
    - group: root
    # Quote a mode with a leading zero so YAML does not read it as an octal number
    - mode: '0644'
[root@master ~]# vim /srv/salt/base/minion.sls
minion_install:
  pkg.installed:
    - name: salt-minion
minion_conf:
  file.managed:
    - name: /etc/salt/minion
    - source: salt://files/minion
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    # file.managed takes template variables under "defaults"
    - defaults:
        ID: {{ grains['ipv4'][1] }}
    - require:
      - pkg: minion_install
minion_service:
  service.running:
    - name: salt-minion
    - enable: True
    - start: True
    # Restart the service whenever the managed config file changes
    - watch:
      - file: /etc/salt/minion
[root@master ~]# salt-ssh '*' state.sls repo
[root@master ~]# salt-ssh '*' state.sls minion
Test
[root@master ~]# salt-key -L
Accepted Keys:
minion1
Denied Keys:
Unaccepted Keys:
master
minion2
Rejected Keys:
[root@master ~]# salt-key -ya minion2
[root@master ~]# salt '*' test.ping
minion2:
True
minion1:
True