SaltStack: an operations automation tool
Environment:
server1:172.25.52.1 (Master)
server2:172.25.52.2 (Client)
I. Installing Salt
Configure the yum repository (shown on the master; the client is configured the same way)
[root@server1 ~]# cat /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.52.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[slat]
name=slatstack
baseurl=http://172.25.52.250/slatstack/rhel6
gpgcheck=0
Check the yum repositories
[root@server1 ~]# yum repolist
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
repo id repo name status
HighAvailability HighAvailability 56
LoadBalancer LoadBalancer 4
ResilientStorage ResilientStorage 62
ScalableFileSystem ScalableFileSystem 7
rhel-source Red Hat Enterprise Linux 6Server - x86_64 - Source 3,690
slat slatstack 29 ## on success, the number of available packages is shown here
repolist: 3,848
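
The [slat] repository above sets gpgcheck=0 and is fetched over plain HTTP, so the Salt packages, which run as root on every host, are installed without signature verification. The check below is an added example, not part of the original write-up; audit_repo_file and the temporary sample file (the two repo sections from this page) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag yum repo sections that disable package signature checks.

audit_repo_file() {
    # $1 = path to a yum .repo file; prints one finding per flagged section.
    awk '
        function report() {
            if (section == "" || gpgcheck != "0") return
            note = (baseurl ~ /^http:/) ? ", fetched over plain http" : ""
            printf "%s: gpgcheck=0%s\n", section, note
        }
        /^\[.*\]$/ {
            report()                                  # close the previous section
            section = substr($0, 2, length($0) - 2)   # strip the brackets
            gpgcheck = ""; baseurl = ""
            next
        }
        /^gpgcheck[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); gpgcheck = $0 }
        /^baseurl[ \t]*=/  { sub(/^[^=]*=[ \t]*/, ""); baseurl = $0 }
        END { report() }
    ' "$1"
}

# Constructed sample: the repo file shown on this page, written to a temp file.
demo_repo_audit() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.52.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[slat]
name=slatstack
baseurl=http://172.25.52.250/slatstack/rhel6
gpgcheck=0
EOF
    audit_repo_file "$tmp"
    rm -f "$tmp"
}

demo_repo_audit
```

Only sections with an explicit gpgcheck=0 are reported; a section without the key inherits the [main] setting in /etc/yum.conf, which this example does not read.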
1. Install salt-master (on the master)
[root@server3 ~]# yum install -y salt-master ## install salt-master
Configure the master
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master ## edit the config file and set the master IP
# The address of the interface to bind to:
interface: 172.25.52.1
[root@server1 salt]# /etc/init.d/salt-master start ## start salt-master
Starting salt-master daemon: [ OK ]
[root@server1 salt]# netstat -antple ## check the ports Salt is listening on
tcp 0 0 172.25.52.1:4505 0.0.0.0:* LISTEN 0 13983 1141/python2.6
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 8337 965/master
tcp 0 0 172.25.52.1:4506 0.0.0.0:* LISTEN 0 13997 1148/python2.6
4505: used for connections, publish/subscribe
4506: request/response, ZeroMQ (message queue)
2. Install salt-minion (on the client)
[root@server2 yum.repos.d]# yum install salt-minion
[root@server2 yum.repos.d]# cd /etc/salt/
[root@server2 salt]# vim minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: 172.25.52.1
[root@server2 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server3 daemon: OK
After a successful start, a minion_id file is generated.
Note: when the IP or hostname is changed, this file must be deleted.
[root@server2 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
II. Connecting the master to the client
[root@server1 salt]# salt-key -L ## list the minion keys
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
server3
Rejected Keys:
-A: accept all pending keys; -a: accept the key of a specified host
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
server3
Proceed? [n/Y] Y
Key for minion server2 accepted.
Key for minion server3 accepted.
[root@server1 salt]# salt-key -L ## all minions were accepted successfully
Accepted Keys:
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
salt-key: in essence, this exchanges the public keys of the master and the minion
On the master (using master.pub as the example):
[root@server1 master]# pwd
/etc/salt/pki/master
[root@server1 master]# ls
master.pem minions minions_denied minions_rejected
master.pub minions_autosign minions_pre
[root@server1 master]# md5sum master.pub
On the minion (using minion_master.pub as the example):
[root@server2 minion]# pwd
/etc/salt/pki/minion
[root@server2 minion]# ls
minion_master.pub minion.pem minion.pub
[root@server2 minion]# md5sum minion_master.pub
c83dfdc89232a3385c13d4f3967b7e36 minion_master.pub
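
salt-key -A, as used above, accepts every pending key without checking which host it came from; a more careful routine compares each key waiting in minions_pre with a digest taken on the minion itself and accepts only the matches with salt-key -a. The script below is an added example, not part of the original write-up: it uses the same file-hash comparison the page does with md5sum, but with SHA-256, and assumes the pending key file is a byte-for-byte copy of the minion's minion.pub; vet_pending_keys, the allowlist format and the sample keys are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: vet pending minion keys before accepting any of them.

vet_pending_keys() {
    # $1 = master pki dir (e.g. /etc/salt/pki/master)
    # $2 = allowlist with lines "<minion_id> <sha256 of that minion's minion.pub>",
    #      collected on each minion over a trusted channel (assumed format).
    pki_dir=$1
    allowlist=$2
    for key in "$pki_dir"/minions_pre/*; do
        [ -f "$key" ] || continue
        id=$(basename "$key")
        actual=$(sha256sum "$key" | awk '{print $1}')
        expected=$(awk -v id="$id" '$1 == id { print $2; exit }' "$allowlist")
        if [ -z "$expected" ]; then
            echo "UNKNOWN $id"      # nobody vouched for this host: do not accept
        elif [ "$actual" = "$expected" ]; then
            echo "OK $id"           # safe to run: salt-key -a "$id"
        else
            echo "MISMATCH $id"     # key differs from the minion's own: reject
        fi
    done
}

# Constructed demo (hostnames reused from this page, key contents made up):
# server2 matches its recorded digest, server3 has no allowlist entry,
# server9 presents a key that differs from the recorded one.
demo_vet() {
    work=$(mktemp -d)
    mkdir -p "$work/master/minions_pre"
    printf 'constructed-key-server2\n' > "$work/master/minions_pre/server2"
    printf 'constructed-key-server3\n' > "$work/master/minions_pre/server3"
    printf 'constructed-key-other\n'   > "$work/master/minions_pre/server9"
    {
        echo "server2 $(printf 'constructed-key-server2\n' | sha256sum | awk '{print $1}')"
        echo "server9 $(printf 'constructed-key-server9\n' | sha256sum | awk '{print $1}')"
    } > "$work/allowlist"
    vet_pending_keys "$work/master" "$work/allowlist"
    rm -rf "$work"
}

demo_vet
```

Salt's own fingerprints serve the same purpose on a live system: salt-call --local key.finger on the minion and salt-key -f <id> on the master should print the same value before the key is accepted.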
III. Inspecting Salt
1. View the directory tree on the master
[root@server1 pki]# pwd
/etc/salt/pki
[root@server1 pki]# tree . ## this command has to be installed separately
-bash: tree: command not found
[root@server1 pki]# yum install tree ## install the tree command
[root@server1 pki]# tree .
.
|-- master
|   |-- master.pem
|   |-- master.pub
|   |-- minions
|   |   |-- server2
|   |   `-- server3
|   |-- minions_autosign
|   |-- minions_denied
|   |-- minions_pre
|   `-- minions_rejected
`-- minion
7 directories, 4 files
2. View the directory tree on the minion
[root@server2 pki]# pwd
/etc/salt/pki
[root@server2 pki]# tree .
.
|-- master
`-- minion
    |-- minion_master.pub
    |-- minion.pem
    `-- minion.pub
2 directories, 3 files
3. View the Python processes
[root@server1 pki]# yum install -y python-setproctitle.x86_64
[root@server1 pki]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 pki]# ps ax
4133 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ProcessMan
4134 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Multiproce
4135 ? Sl 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ZeroMQPubS
4136 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d EventPubli
4140 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Maintenanc
4141 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_
4142 ? Sl 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorkerQue
4143 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-0
4150 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-1
4151 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-2
4152 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-3
4153 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-4
4. Test the Salt service
[root@server1 pki]# salt '*' test.ping
server3:
True
server2:
True
[root@server1 pki]# salt '*' cmd.run hostname
server2:
server2
server3:
server3
IV. Configuring automated deployment
On the master
1. Edit the config file
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master ## uncomment the following lines
#
file_roots:
  base:
    - /srv/salt
#
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
2. Write the deployment state file
[root@server1 salt]# cd /srv/salt
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
Under the same ID, the same module can only be called once!
The yum repository must be working!
3. Test and apply the state file
Test:
[root@server1 httpd]# salt server2 state.sls httpd.apache test=true
server2:
----------
ID: apache-install
Function: pkg.installed
Result: None
Comment: The following packages would be installed/updated: php
Started: 14:57:39.707516
Duration: 256.847 ms
Changes:
Summary for server2
------------
Succeeded: 1 (unchanged=1)
Failed: 0
------------
Total states run: 1
Total run time: 256.847 ms
[root@server1 httpd]# salt server2 state.sls httpd.apache
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: php
The following packages were already installed: httpd
Started: 14:58:17.224952
Duration: 2937.007 ms
Changes:
----------
php:
----------
new:
5.3.3-26.el6
old:
php-cli:
----------
new:
5.3.3-26.el6
old:
php-common:
----------
new:
5.3.3-26.el6
old:
Summary for server2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 2.937 s
4. Check on the minion
[root@server2 ~]# rpm -q httpd php
httpd-2.2.15-29.el6_4.x86_64
php-5.3.3-26.el6.x86_64
5. State file format 2
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# vim apache.sls
httpd:
  pkg.installed
php:
  pkg.installed
[root@server1 httpd]# salt server2 state.sls httpd.apache test=true
server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 15:03:15.330798
Duration: 254.971 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 15:03:15.585908
Duration: 0.315 ms
Changes:
Summary for server2
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 255.286 ms
## The run reports OK, which shows that the state file format is correct!
V. Managing services with Salt
1. Apache service management: start the service
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
apache-service:
  service.running:
    - name: httpd
    - enable: True
[root@server1 httpd]# salt server2 state.sls httpd.apache
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 15:06:10.834905
Duration: 255.055 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 15:06:11.090456
Duration: 121.778 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 376.833 ms
Check the httpd status on server2
[root@server2 ~]# netstat -anple | grep http
tcp 0 0 :::80 :::* LISTEN 0 15752 1811/httpd
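## port 80 is listening, so there is no problem
2. Change httpd's default port
server1 does not have httpd installed and therefore has no config file, so one has to be copied over from server2.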
[root@server2 ~]# cd /etc/httpd/conf
[root@server2 httpd]# ls
httpd.conf magic
[root@server2 conf]# scp httpd.conf server1:/srv/salt/httpd/files ## copy httpd.conf from server2 to server1
The authenticity of host 'server1 (172.25.52.1)' can't be established.
RSA key fingerprint is 37:ce:21:89:00:9b:36:17:f1:20:a9:67:24:3e:22:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1,172.25.52.1' (RSA) to the list of known hosts.
root@server1's password:
httpd.conf 100% 34KB 33.6KB/s 00:00
[root@server1 files]# pwd
/srv/salt/httpd/files
[root@server1 files]# vim httpd.conf ## change the port
#
#Listen 12.34.56.78:80
Listen 8080

#
[root@server1 httpd]# vim apache.sls ## edit the state file
## change the original state file to the following:
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
[root@server1 httpd]# salt server2 state.sls httpd.apache ## push again after the change
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 16:50:45.939081
Duration: 252.569 ms
Changes:
----------
ID: apache-install
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 16:50:46.195020
Duration: 39.002 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-install
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 16:50:46.250856
Duration: 49.212 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 340.783 ms
## check the port change on server2
[root@server2 ~]# netstat -antple | grep http
tcp 0 0 :::8080 :::* LISTEN 0 10454 993/httpd
## the port has changed to the configured 8080
3. Alternative formats
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      # the file state now lives under its own ID, so watch that ID
      - file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
4. Decoupling (installation and management kept separate)
[root@server1 httpd]# ls
files install.sls service.sls
[root@server1 httpd]# cat install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
[root@server1 httpd]# cat service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:11:32.503373
Duration: 251.231 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 17:11:32.755770
Duration: 24.503 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 17:11:32.780798
Duration: 15.635 ms
Changes:
Summary for server2
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 291.369 ms
## the push succeeded, which shows there is no problem