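Introduction
SaltStack is a client/server (C/S) configuration management tool written in Python.
It handles authentication management by way of SSL certificate signing.
Underneath, it communicates over the ZeroMQ message queue in pub/sub mode.
ZeroMQ, billed as the world's fastest message queue, lets it carry out all kinds of operations quickly across thousands of hosts.
It uses RSA keys to confirm identity.
Working mechanism
Both the Master and the Minion run as daemons.
The Master listens on the ret_port (receives minion requests) and the publish_port (publishes messages) defined in its configuration file.
When a Minion starts, it automatically connects to the ret_port of the Master address defined in its configuration file and authenticates.
Once the Master and the Minion can communicate normally, all kinds of configuration management work can be carried out.
Test environment
Host address | Name | Node role |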
---|---|---|
172.16.3.89 | Zabbix.qfc | Master ,Minion |
172.16.3.90 | qfc-ntp | Minion |
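Nginx is already installed on both machines.
Installation
Official installation guide: https://repo.saltproject.io/#rhel
Choose CentOS 8 (the installation is needed on both machines).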
dnf install -y python3
Run the following commands to install the SaltStack repository and key:
sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
Run
sudo yum clean expire-cache
Install the salt-minion, salt-master, or other Salt components:
sudo yum install salt-master
sudo yum install salt-minion
sudo yum install salt-ssh
sudo yum install salt-syndic
sudo yum install salt-cloud
sudo yum install salt-api
Master node:
sudo systemctl restart salt-minion salt-master
systemctl enable --now salt-master salt-minion
Minion node:
sudo systemctl restart salt-minion
systemctl enable --now salt-minion
Check that the services are running:
netstat -anplt| grep 45
Open the ports in the firewall on both machines:
firewall-cmd --permanent --add-port={4505,4506}/tcp
firewall-cmd --reload
Edit hosts
vi /etc/hosts
Append at the bottom:
172.16.3.89 Zabbix.qfc
172.16.3.90 qfc-ntp
Edit the configuration files
Master node:
[root@Zabbix ~]# egrep -v '^#|^$' /etc/salt/master
file_roots:
  base:
    - /srv/salt
[root@Zabbix ~]# egrep -v '^#|^$' /etc/salt/minion
master: Zabbix.qfc
Slave node:
[root@qfc-ntp ~]# egrep -v '^#|^$' /etc/salt/minion
master: Zabbix.qfc
Restart all services on both machines.
On the master node, accept the public keys and list them:
salt-key -A
[root@Zabbix ~]# salt-key -L
Accepted Keys:
Zabbix.qfc
qfc-ntp
Denied Keys:
Unaccepted Keys:
Rejected Keys:
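salt-key -A accepts every pending key without looking at it. The added example below (not from the original post) compares the fingerprints the master reports for pending keys with the fingerprints read on each minion, and emits per-minion salt-key -a commands only for the ones that match. The minions_pre JSON layout and all fingerprint values are assumptions constructed for illustration.

```python
import json
import shlex

# Constructed sample of `salt-key -F --out=json` on the master; the
# "minions_pre" (pending keys) layout and all fingerprints are assumptions.
MASTER_VIEW = json.dumps({
    "local": {"master.pub": "11:22:33:44"},
    "minions_pre": {
        "Zabbix.qfc": "AA:BB:CC:01",
        "qfc-ntp": "de:ad:be:ef",
        "unknown-host": "12:34:56:78",
    },
})

# Fingerprints read on each minion with `salt-call --local key.finger` and
# brought to the master over a separate trusted channel (constructed values).
EXPECTED = {"Zabbix.qfc": "aa:bb:cc:01", "qfc-ntp": "de:ad:be:00"}


def _norm(fingerprint):
    return fingerprint.strip().lower()


def triage_pending_keys(master_json, expected):
    """Sort pending minion IDs into (accept, mismatch, unexpected)."""
    pending = json.loads(master_json).get("minions_pre", {})
    accept, mismatch, unexpected = [], [], []
    for minion_id, fingerprint in sorted(pending.items()):
        if minion_id not in expected:
            unexpected.append(minion_id)      # not in inventory: leave pending
        elif _norm(fingerprint) == _norm(expected[minion_id]):
            accept.append(minion_id)
        else:
            mismatch.append(minion_id)        # key differs from the minion's own
    return accept, mismatch, unexpected


def accept_commands(accept):
    """Per-minion accept commands to run in place of a blanket `salt-key -A`."""
    return ["salt-key -a {0} -y".format(shlex.quote(m)) for m in accept]


if __name__ == "__main__":
    ok, bad, extra = triage_pending_keys(MASTER_VIEW, EXPECTED)
    print("accept:", accept_commands(ok))
    print("fingerprint mismatch, investigate:", bad)
    print("unknown minion IDs, left pending:", extra)
```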
Check that everything works:
[root@Zabbix ~]# salt '*' test.ping
Zabbix.qfc:
True
qfc-ntp:
True
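Salt custom modules
Create the directory on the master:
mkdir -p /srv/salt/_modules
Create a test script:
[root@Zabbix ~]# cat /srv/salt/_modules/my_disk.py
#! /usr/bin/env python
def df():
    # Run `df -h` on the minion through Salt's cmd.run and return its output
    return __salt__['cmd.run']('df -h')
Push the script:
salt '*' saltutil.sync_modules
Check that the script was pushed successfully: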
[root@Zabbix minion]# cd /var/cache/salt/minion/
[root@Zabbix minion]# tree
.
├── extmods
│   └── modules
│       ├── my_disk.py
├── files
│   └── base
│       └── _modules
│           ├── my_disk.py
│           └── nginx.py
├── module_refresh
└── proc
6 directories, 5 files
Test:
[root@Zabbix minion]# salt '*' my_disk.df
Zabbix.qfc:
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 320K 1.9G 1% /dev/shm
tmpfs 1.9G 172M 1.7G 10% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/cl-root 46G 26G 20G 56% /
/dev/vda1 1014M 201M 814M 20% /boot
tmpfs 373M 0 373M 0% /run/user/0
qfc-ntp:
Filesystem Size Used Avail Use% Mounted on
devtmpfs 3.8G 0 3.8G 0% /dev
tmpfs 3.8G 100K 3.8G 1% /dev/shm
tmpfs 3.8G 8.6M 3.8G 1% /run
tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup
/dev/mapper/cl-root 62G 15G 47G 24% /
/dev/mapper/cl-home 30G 246M 30G 1% /home
/dev/vda1 1014M 201M 814M 20% /boot
tmpfs 777M 0 777M 0% /run/user/0
Nginx sync script
Create a new nginx-related Salt script:
cd /srv/salt/_modules
vi nginx.py
Here is the script code:
# -*- coding: utf-8 -*-
'''
Support for nginx
'''
from __future__ import absolute_import

# Import Python libs
import re
# Standard-library urlopen (Salt is installed on Python 3 here)
from urllib.request import urlopen as _urlopen

# Import salt libs
import salt.utils
import salt.utils.decorators as decorators


# Cache the output of running which('nginx') so this module
# doesn't needlessly walk $PATH looking for the same binary
# for nginx over and over and over for each function herein
@decorators.memoize
def __detect_os():
    #return salt.utils.which('nginx')
    # Hard-code your own nginx path here; if there is only one nginx
    # on the host, the default which() lookup above can be used instead
    return '/usr/local/tengine/sbin/nginx'


def __virtual__():
    '''
    Only load the module if nginx is installed
    '''
    if __detect_os():
        return True
    return (False, 'The nginx execution module cannot be loaded: nginx is not installed.')


def version():
    '''
    Return server version from nginx -v

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.version
    '''
    cmd = '{0} -v'.format(__detect_os())
    out = __salt__['cmd.run'](cmd).splitlines()
    ret = out[0].split(': ')
    return ret[-1]


def build_info():
    '''
    Return server and build arguments

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.build_info
    '''
    ret = {'info': []}
    out = __salt__['cmd.run']('{0} -V'.format(__detect_os()))
    for i in out.splitlines():
        if i.startswith('configure argument'):
            ret['build arguments'] = re.findall(r"(?:[^\s]*'.*')|(?:[^\s]+)", i)[2:]
            continue
        ret['info'].append(i)
    return ret


def configtest():
    '''
    test configuration and exit

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.configtest
    '''
    ret = {}
    cmd = '{0} -t'.format(__detect_os())
    out = __salt__['cmd.run_all'](cmd)
    # print(#######################,out)
    if out['retcode'] != 0:
        ret['comment'] = 'Syntax Error'
        ret['stderr'] = out['stderr']
        ret['result'] = False
        return ret
    # nginx -t writes its "syntax is ok" messages to stderr
    ret['comment'] = 'Syntax OK'
    ret['stdout'] = out['stderr']
    ret['result'] = True
    return ret


def signal(signal=None):
    '''
    Signals nginx to start, reload, reopen or stop.

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.signal reload
    '''
    valid_signals = ('start', 'reopen', 'stop', 'quit', 'reload')
    if signal not in valid_signals:
        return
    # Make sure you use the right arguments
    if signal == "start":
        arguments = ''
    else:
        arguments = ' -s {0}'.format(signal)
    cmd = __detect_os() + arguments
    out = __salt__['cmd.run_all'](cmd)
    # A non-zero return code means fail
    if out['retcode'] and out['stderr']:
        ret = out['stderr'].strip()
    # 'nginxctl configtest' returns 'Syntax OK' to stderr
    elif out['stderr']:
        ret = out['stderr'].strip()
    elif out['stdout']:
        ret = out['stdout'].strip()
    # No output for something like: nginxctl graceful
    else:
        ret = 'Command: "{0}" completed successfully!'.format(cmd)
    return ret


def status(url="http://127.0.0.1/status"):
    """
    Return the data from an Nginx status page as a dictionary.
    http://wiki.nginx.org/HttpStubStatusModule

    url
        The URL of the status page. Defaults to 'http://127.0.0.1/status'

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.status
    """
    resp = _urlopen(url)
    status_data = resp.read()
    resp.close()
    lines = status_data.splitlines()
    if not len(lines) == 4:
        return
    # "Active connections: 1 "
    active_connections = lines[0].split()[2]
    # "server accepts handled requests"
    # " 12 12 9 "
    accepted, handled, requests = lines[2].split()
    # "Reading: 0 Writing: 1 Waiting: 0 "
    _, reading, _, writing, _, waiting = lines[3].split()
    return {
        'active connections': int(active_connections),
        'accepted': int(accepted),
        'handled': int(handled),
        'requests': int(requests),
        'reading': int(reading),
        'writing': int(writing),
        'waiting': int(waiting),
    }
Push the script right away:
salt '*' saltutil.sync_modules
Create a directory:
mkdir -p /srv/salt/out/
cd /srv/salt/out/
Upload the required nginx.conf to this directory, and create the sync-and-restart script:
#!/bin/bash
# Back up the current config, fetch the new one, show its checksum, test it,
# and reload nginx only if the configtest command succeeded.
salt 'qfc-ntp' cmd.run 'cp -f /usr/local/tengine/conf/nginx.conf /usr/local/tengine/conf/nginx.conf_bak'
salt 'qfc-ntp' cp.get_file salt://out/nginx.conf /usr/local/tengine/conf/nginx.conf
salt 'qfc-ntp' cmd.run 'md5sum /usr/local/tengine/conf/nginx.conf'
salt 'qfc-ntp' nginx.configtest
if [ $? -eq 0 ]
then
  salt 'qfc-ntp' nginx.signal reload
fi
salt 'Zabbix.qfc' cmd.run 'cp -f /usr/local/tengine/conf/nginx.conf /usr/local/tengine/conf/nginx.conf_bak'
# nginx.conf was uploaded to /srv/salt/out/, so the source is salt://out/nginx.conf
salt 'Zabbix.qfc' cp.get_file salt://out/nginx.conf /usr/local/tengine/conf/nginx.conf
salt 'Zabbix.qfc' cmd.run 'md5sum /usr/local/tengine/conf/nginx.conf'
salt 'Zabbix.qfc' nginx.configtest
if [ $? -eq 0 ]
then
  salt 'Zabbix.qfc' nginx.signal reload
fi
Test
[root@Zabbix out]# sh sync_nginx_conf-new.sh
qfc-ntp:
qfc-ntp:
/usr/local/tengine/conf/nginx.conf
qfc-ntp:
2a960f6d1544e7843132dd06ff6bae4d /usr/local/tengine/conf/nginx.conf
qfc-ntp:
----------
comment:
Syntax OK
result:
True
stdout:
nginx: the configuration file /usr/local/tengine2.3.3/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/tengine2.3.3/conf/nginx.conf test is successful
qfc-ntp:
Command: "/usr/local/tengine/sbin/nginx -s reload" completed successfully!
Zabbix.qfc:
Zabbix.qfc:
Zabbix.qfc:
2a960f6d1544e7843132dd06ff6bae4d /usr/local/tengine/conf/nginx.conf
Zabbix.qfc:
----------
comment:
Syntax OK
result:
True
stdout:
nginx: the configuration file /usr/local/tengine2.3.3/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/tengine2.3.3/conf/nginx.conf test is successful
Zabbix.qfc:
Command: "/usr/local/tengine/sbin/nginx -s reload" completed successfully!
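The sync script gates each reload on the exit status of the salt command. The added example below (not from the original post) makes the same gate explicit by reading the result field that nginx.configtest returns for every targeted minion, and treats a missing answer or a non-dict return as a failure. It assumes the command is run with --out=json --static; the sample returns are constructed.

```python
import json

# Constructed samples of:
#   salt -L 'qfc-ntp,Zabbix.qfc' nginx.configtest --out=json --static
GOOD = json.dumps({
    "qfc-ntp": {"comment": "Syntax OK", "result": True, "stdout": "..."},
    "Zabbix.qfc": {"comment": "Syntax OK", "result": True, "stdout": "..."},
})
BAD_SYNTAX = json.dumps({
    "qfc-ntp": {"comment": "Syntax Error", "result": False, "stderr": "..."},
    "Zabbix.qfc": {"comment": "Syntax OK", "result": True, "stdout": "..."},
})
# One minion has not synced the module (Salt returns a string instead of a
# dict); the other minion did not answer at all.
NOT_LOADED = json.dumps({"qfc-ntp": "'nginx.configtest' is not available."})

TARGETS = ["qfc-ntp", "Zabbix.qfc"]


def minions_safe_to_reload(salt_json, targets):
    """Return (ok, failed); a minion is ok only if it answered result == True."""
    try:
        returns = json.loads(salt_json)
    except ValueError:
        returns = {}
    if not isinstance(returns, dict):
        returns = {}
    ok, failed = [], []
    for minion in targets:
        ret = returns.get(minion)
        if isinstance(ret, dict) and ret.get("result") is True:
            ok.append(minion)
        else:
            failed.append(minion)
    return ok, failed


def reload_plan(salt_json, targets):
    """Reload everywhere or nowhere, so all nodes keep serving the same config."""
    ok, failed = minions_safe_to_reload(salt_json, targets)
    if failed:
        return []
    return ["salt '{0}' nginx.signal reload".format(m) for m in ok]


if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD_SYNTAX), ("gap", NOT_LOADED)):
        print(name, minions_safe_to_reload(sample, TARGETS), reload_plan(sample, TARGETS))
```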