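1. SaltStack component: return
The return component can be understood as SaltStack storing the data a Minion returns after execution, or passing that data on to other programs. It supports many storage backends, such as MySQL, MongoDB, Redis and Memcache. With return, every SaltStack operation can be recorded, which provides a data source for later log auditing. Currently 30 return storage backends and interfaces are officially supported, and they are easy to configure and use. Custom returners are also supported; a custom returner must be written in Python. Once the returner to use has been selected and configured, simply specify it after the salt command.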
[root@node01-linux ~]# salt '*' sys.list_returners
node01-linux.example.com:
- carbon
- couchdb
- elasticsearch
- etcd
- highstate
- hipchat
- local
- local_cache
- mattermost
- multi_returner
- pushover
- rawfile_json
- slack
- smtp
- splunk
- sqlite3
- syslog
- telegram
node02-linux.example.com:
- carbon
- couchdb
- elasticsearch
- etcd
- highstate
- hipchat
- local
- local_cache
- mattermost
- multi_returner
- pushover
- rawfile_json
- slack
- smtp
- splunk
- sqlite3
- syslog
- telegram
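The introduction above notes that custom returners are written in Python. As an added example (not from the original article or the Salt project), here is a minimal returner module that appends one JSON line per job to a local audit file; the module name `audit_jsonl`, the file path and the `build_record` helper are assumptions of this example.

```python
import hashlib
import json
import os
import time

__virtualname__ = "audit_jsonl"  # hypothetical name, used with --return
AUDIT_PATH = "/var/log/salt/audit_returns.jsonl"  # assumed location


def __virtual__():
    # Salt's loader calls this to decide whether the module can be loaded.
    return __virtualname__


def build_record(ret, now=None):
    """Reduce a job return dict to the fields an audit trail needs."""
    body = json.dumps(ret.get("return"), sort_keys=True).encode("utf-8")
    return {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "jid": ret.get("jid"),
        "id": ret.get("id"),
        "fun": ret.get("fun"),
        "fun_args": ret.get("fun_args", []),
        "retcode": ret.get("retcode"),
        "success": bool(ret.get("success")),
        # Command output can contain secrets: keep a digest, not the text.
        "return_sha256": hashlib.sha256(body).hexdigest(),
    }


def returner(ret, path=AUDIT_PATH):
    """Entry point that Salt calls on the minion with the job return."""
    line = json.dumps(build_record(ret), sort_keys=True) + "\n"
    # O_APPEND places every write at the end of the file;
    # mode 0o600 keeps a newly created trail private to its owner.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as handle:
        handle.write(line)
    return line
```

Placed in the `_returners` directory under the master's file_roots and synced with `saltutil.sync_returners`, such a module would be selected with `--return audit_jsonl`.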
Lab environment:
IP address | Installed software |
---|---|
192.168.1.153 | salt-master salt-minion mariadb |
192.168.1.155 | salt-minion mariadb |
192.168.1.152 | MySQL database |
1.1 Deploying MySQL
// Set up the MySQL database on server 192.168.1.152
[root@localhost ~]# groupadd -r -g 123 mysql
[root@localhost ~]# useradd -r -M -s /sbin/nologin -g 123 -u 123 mysql
[root@localhost ~]# id mysql
uid=123(mysql) gid=123(mysql) 组=123(mysql)
[root@localhost ~]# ls
anaconda-ks.cfg mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
[root@localhost ~]# tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /opt/mysql
[root@localhost ~]# ls /opt/mysql
mysql-5.7.22-linux-glibc2.12-x86_64
[root@localhost ~]# ln -sv /opt/mysql/mysql-5.7.22-linux-glibc2.12-x86_64/ /opt/mysql/mysql
"/opt/mysql/mysql" -> "/opt/mysql/mysql-5.7.22-linux-glibc2.12-x86_64/"
[root@localhost ~]# ll /opt/mysql
总用量 0
lrwxrwxrwx. 1 root root 47 2月 29 15:24 mysql -> /opt/mysql/mysql-5.7.22-linux-glibc2.12-x86_64/
drwxr-xr-x. 9 root root 129 2月 29 15:23 mysql-5.7.22-linux-glibc2.12-x86_64
[root@localhost ~]# chown -R mysql.mysql /opt/mysql
[root@localhost ~]# ll /opt/mysql
总用量 0
lrwxrwxrwx. 1 mysql mysql 47 2月 29 15:24 mysql -> /opt/mysql/mysql-5.7.22-linux-glibc2.12-x86_64/
drwxr-xr-x. 9 mysql mysql 129 2月 29 15:23 mysql-5.7.22-linux-glibc2.12-x86_64
[root@localhost ~]# ls /opt/mysql/mysql
bin COPYING docs include lib man README share support-files
[root@localhost ~]# echo 'export PATH=/opt/mysql/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost ~]# . /etc/profile.d/mysql.sh
[root@localhost ~]# echo $PATH
/opt/mysql/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@localhost ~]# mkdir /opt/data
[root@localhost ~]# chown -R mysql.mysql /opt/data/
[root@localhost ~]# ll /opt/
总用量 0
drwxr-xr-x. 2 mysql mysql 6 2月 29 15:32 data
drwxr-xr-x. 3 mysql mysql 62 2月 29 15:24 mysql
[root@localhost ~]# mysqld --initialize --user=mysql --datadir=/opt/data
2020-02-29T07:34:36.567573Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2020-02-29T07:34:36.567872Z 0 [ERROR] Can't find error-message file '/usr/local/mysql/share/errmsg.sys'. Check error-message file location and 'lc-messages-dir' configuration directive.
2020-02-29T07:34:36.889556Z 0 [Warning] InnoDB: New log files created, LSN=45790
2020-02-29T07:34:36.949854Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2020-02-29T07:34:37.077753Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: f00ec12c-5ac5-11ea-bd2d-000c29918680.
2020-02-29T07:34:37.078262Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2020-02-29T07:34:37.078844Z 1 [Note] A temporary password is generated for root@localhost: Uo9hzu5nmC:q
[root@localhost ~]# echo 'Uo9hzu5nmC:q' > /root/mysqlpass
[root@localhost ~]# cat /root/mysqlpass
Uo9hzu5nmC:q
[root@localhost ~]# vim /etc/my.cnf
[root@localhost ~]# cat /etc/my.cnf
[mysqld]
basedir = /opt/mysql/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
[root@localhost ~]# cp -a /opt/mysql/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@localhost ~]# service mysqld start
Starting MySQL.Logging to '/opt/data/localhost.localdomain.err'.
SUCCESS!
[root@localhost ~]# mysql -uroot -pUo9hzu5nmC:q
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.22
mysql> set password = password('123456');
Query OK, 0 rows affected, 1 warning (0.00 sec)
[root@localhost ~]# mysql -uroot -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.22 MySQL Community Server (GPL)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
mysql> CREATE DATABASE `salt`
-> DEFAULT CHARACTER SET utf8
-> DEFAULT COLLATE utf8_general_ci;
Query OK, 1 row affected (0.01 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| salt |
| sys |
+--------------------+
5 rows in set (0.00 sec)
mysql> USE `salt`;
Database changed
mysql> DROP TABLE IF EXISTS `jids`;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE TABLE `jids` (
-> `jid` varchar(255) NOT NULL,
-> `load` mediumtext NOT NULL,
-> UNIQUE KEY `jid` (`jid`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.09 sec)
mysql> DROP TABLE IF EXISTS `salt_returns`;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE TABLE `salt_returns` (
-> `fun` varchar(50) NOT NULL,
-> `jid` varchar(255) NOT NULL,
-> `return` mediumtext NOT NULL,
-> `id` varchar(255) NOT NULL,
-> `success` varchar(10) NOT NULL,
-> `full_ret` mediumtext NOT NULL,
-> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-> KEY `id` (`id`),
-> KEY `jid` (`jid`),
-> KEY `fun` (`fun`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.08 sec)
mysql> DROP TABLE IF EXISTS `salt_events`;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE TABLE `salt_events` (
-> `id` BIGINT NOT NULL AUTO_INCREMENT,
-> `tag` varchar(255) NOT NULL,
-> `data` mediumtext NOT NULL,
-> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-> `master_id` varchar(255) NOT NULL,
-> PRIMARY KEY (`id`),
-> KEY `tag` (`tag`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.01 sec)
mysql> show tables;
+----------------+
| Tables_in_salt |
+----------------+
| jids |
| salt_events |
| salt_returns |
+----------------+
3 rows in set (0.00 sec)
mysql> GRANT ALL ON salt.* TO 'salt'@'192.168.1.155' IDENTIFIED BY 'salt';
Query OK, 0 rows affected, 1 warning (0.01 sec)
mysql> GRANT ALL ON salt.* TO 'salt'@'192.168.1.153' IDENTIFIED BY 'salt';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
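1.2 Configuring the minion
With return, the Master triggers the job, and after the Minion has received and processed it, the Minion connects directly to the return storage server and stores the returned data there. Pay close attention to this point: because it is the Minion that operates on the storage server throughout, the Minion's configuration and dependency packages must be correct. This means the dependency package for the chosen return method has to be installed on every Minion. If MySQL is used as the return storage, the MySQL-python module must be installed on every Minion.
1.2.1 Installing the MySQL-python module
Install the MySQL-python module on all minions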
[root@node01-linux ~]# salt '*' cmd.run 'yum -y install MySQL-python'
...
N lines of returned output omitted here
...
[root@node01-linux ~]# salt '*' cmd.run 'rpm -qa|grep MySQL*'
node02-linux.example.com:
MySQL-python-1.2.5-1.el7.x86_64
node01-linux.example.com:
MySQL-python-1.2.5-1.el7.x86_64
1.2.2 Modifying the minion configuration file
[root@node01-linux ~]# vim /etc/salt/minion
...
return: mysql # uncomment this line
#
#return: mysql,slack,redis
#
#return:
# - mysql
# - hipchat
# - slack
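mysql.host: '192.168.1.152' # add this line: IP address of the database server
mysql.user: 'salt' # add this line: database account
mysql.pass: 'salt' # add this line: database password
mysql.db: 'salt' # add this line: database to write to
mysql.port: 3306 # add this line: database port
// Copy the minion configuration file to all minions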
[root@node01-linux ~]# salt-cp 'node0[2]*' /etc/salt/minion /etc/salt/
node02-linux.example.com:
----------
/etc/salt/minion:
True
[root@node01-linux ~]# salt '*' cmd.run 'systemctl restart salt-minion'
1.2.3 Installing the mysql command
Because the client needs to write to the database, the mysql command must be available
[root@node01-linux ~]# salt '*' cmd.run 'yum -y install mariadb'
1.3 Testing
On the Master, test that results are stored in MySQL
[root@node01-linux ~]# salt '*' cmd.run 'df -h'
node02-linux.example.com:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 17G 1.4G 16G 8% /
devtmpfs 901M 0 901M 0% /dev
tmpfs 912M 40K 912M 1% /dev/shm
tmpfs 912M 8.7M 903M 1% /run
tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 1014M 143M 872M 15% /boot
tmpfs 183M 0 183M 0% /run/user/0
node01-linux.example.com:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 17G 1.4G 16G 8% /
devtmpfs 901M 0 901M 0% /dev
tmpfs 912M 240K 912M 1% /dev/shm
tmpfs 912M 8.6M 904M 1% /run
tmpfs 912M 0 912M 0% /sys/fs/cgroup
/dev/sda1 1014M 143M 872M 15% /boot
tmpfs 183M 0 183M 0% /run/user/0
Query the database
*************************** 12. row ***************************
fun: cmd.run
jid: 20200229173153865559
return: "Filesystem Size Used Avail Use% Mounted on\n/dev/mapper/rhel-root 17G 1.4G 16G 8% /\ndevtmpfs 901M 0 901M 0% /dev\ntmpfs 912M 40K 912M 1% /dev/shm\ntmpfs 912M 8.7M 903M 1% /run\ntmpfs 912M 0 912M 0% /sys/fs/cgroup\n/dev/sda1 1014M 143M 872M 15% /boot\ntmpfs 183M 0 183M 0% /run/user/0"
id: node02-linux.example.com
success: 1
full_ret: {"fun_args": ["df -h"], "jid": "20200229173153865559", "return": "Filesystem Size Used Avail Use% Mounted on\n/dev/mapper/rhel-root 17G 1.4G 16G 8% /\ndevtmpfs 901M 0 901M 0% /dev\ntmpfs 912M 40K 912M 1% /dev/shm\ntmpfs 912M 8.7M 903M 1% /run\ntmpfs 912M 0 912M 0% /sys/fs/cgroup\n/dev/sda1 1014M 143M 872M 15% /boot\ntmpfs 183M 0 183M 0% /run/user/0", "retcode": 0, "success": true, "fun": "cmd.run", "id": "node02-linux.example.com"}
alter_time: 2020-02-29 17:31:53
*************************** 13. row ***************************
fun: cmd.run
jid: 20200229173153865559
return: "Filesystem Size Used Avail Use% Mounted on\n/dev/mapper/rhel-root 17G 1.4G 16G 8% /\ndevtmpfs 901M 0 901M 0% /dev\ntmpfs 912M 240K 912M 1% /dev/shm\ntmpfs 912M 8.6M 904M 1% /run\ntmpfs 912M 0 912M 0% /sys/fs/cgroup\n/dev/sda1 1014M 143M 872M 15% /boot\ntmpfs 183M 0 183M 0% /run/user/0"
id: node01-linux.example.com
success: 1
full_ret: {"fun_args": ["df -h"], "jid": "20200229173153865559", "return": "Filesystem Size Used Avail Use% Mounted on\n/dev/mapper/rhel-root 17G 1.4G 16G 8% /\ndevtmpfs 901M 0 901M 0% /dev\ntmpfs 912M 240K 912M 1% /dev/shm\ntmpfs 912M 8.6M 904M 1% /run\ntmpfs 912M 0 912M 0% /sys/fs/cgroup\n/dev/sda1 1014M 143M 872M 15% /boot\ntmpfs 183M 0 183M 0% /run/user/0", "retcode": 0, "success": true, "fun": "cmd.run", "id": "node01-linux.example.com"}
alter_time: 2020-02-29 17:31:54
13 rows in set (0.00 sec)
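The rows stored in salt_returns are the audit data source mentioned in the introduction. As an added example (not from the original article), the script below groups returns by jid and lists the jobs a reviewer would look at first; it uses an in-memory SQLite table with the article's column names as a stand-in for the MySQL server, and the rows, the `WATCHED` list and the function names are constructed for this example.

```python
import json
import sqlite3

# Functions that execute arbitrary commands; which ones to review is an
# assumption of this example.
WATCHED = {"cmd.run", "cmd.shell", "cmd.script"}

SCHEMA = """CREATE TABLE salt_returns (
  `fun` varchar(50), `jid` varchar(255), `return` mediumtext,
  `id` varchar(255), `success` varchar(10), `full_ret` mediumtext)"""


def sample_db():
    """In-memory stand-in for the MySQL table, filled with constructed rows."""
    rows = [
        ("cmd.run", "20200229173153865559", "node01-linux.example.com", ["df -h"], 0),
        ("cmd.run", "20200229173153865559", "node02-linux.example.com", ["df -h"], 0),
        ("test.ping", "20200229183015305785", "node01-linux.example.com", [], 0),
        ("cmd.run", "20200229190000000001", "node02-linux.example.com", ["systemctl restart httpd"], 5),
    ]
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    for fun, jid, minion, args, rc in rows:
        full = {"fun": fun, "jid": jid, "id": minion, "fun_args": args,
                "retcode": rc, "success": rc == 0, "return": ""}
        db.execute("INSERT INTO salt_returns VALUES (?,?,?,?,?,?)",
                   (fun, jid, '""', minion, str(int(rc == 0)), json.dumps(full)))
    return db


def audit(db):
    """Group returns by jid; report watched functions and failed jobs."""
    jobs = {}
    for jid, minion, full_ret in db.execute(
            "SELECT jid, id, full_ret FROM salt_returns ORDER BY jid, id"):
        ret = json.loads(full_ret)  # full_ret holds the whole return as JSON
        job = jobs.setdefault(jid, {"fun": ret["fun"], "minions": [],
                                    "args": ret.get("fun_args", []), "failed": []})
        job["minions"].append(minion)
        if ret.get("retcode", 0) != 0 or not ret.get("success", False):
            job["failed"].append(minion)
    return [(jid, j["fun"], j["args"], j["minions"], j["failed"])
            for jid, j in sorted(jobs.items())
            if j["fun"] in WATCHED or j["failed"]]
```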
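2. job cache
To avoid conflicts, first revert all of the changes made to salt-minion above.
2.1 job cache workflow
With return, the Minion interacts directly with the storage server, so the module for the chosen storage method, such as python-mysql, has to be installed on every Minion. Can the returned results instead be stored to the storage server directly from the Master?
The answer is yes. This approach is called job cache. After the Minion returns its result to the Master, the Master caches the result locally and then stores the cached result on the specified storage server, for example in MySQL.
Enable master_job_cache on the master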
[root@node01-linux ~]# vim /etc/salt/master
# The master maintains a job cache. While this is a great addition, it can be
# a burden on the master for larger deployments (over 5000 minions).
# Disabling the job cache will make previously executed jobs unavailable to
# the jobs system and is not generally recommended.
#job_cache: True
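master_job_cache: mysql # add this line: write jobs to the MySQL database
mysql.host: '192.168.1.152' # add this line: IP address of the database server
mysql.user: 'salt' # add this line: database account
mysql.pass: 'salt' # add this line: database password
mysql.db: 'salt' # add this line: database to write to
mysql.port: 3306 # add this line: database port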
[root@node01-linux ~]# systemctl restart salt-master
On the database server, clear the table contents
[root@localhost ~]# mysql -uroot -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 5.7.22 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> delete from salt.salt_returns;
Query OK, 13 rows affected (0.00 sec)
mysql> select * from salt.salt_returns;
Empty set (0.00 sec)
On the master, test again whether results are stored in the database
[root@node01-linux ~]# salt '*' test.ping
node02-linux.example.com:
True
node01-linux.example.com:
True
Query the database
mysql> select * from salt.salt_returns;
Empty set (0.00 sec)
mysql> select * from salt.salt_returns \G;
*************************** 1. row ***************************
fun: test.ping
jid: 20200229183015305785
return: true
id: node02-linux.example.com
success: 1
full_ret: {"fun_args": [], "jid": "20200229183015305785", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2020-02-29T10:30:15.519177", "fun": "test.ping", "id": "node02-linux.example.com"}
alter_time: 2020-02-29 18:30:15
*************************** 2. row ***************************
fun: test.ping
jid: 20200229183015305785
return: true
id: node01-linux.example.com
success: 1
full_ret: {"fun_args": [], "jid": "20200229183015305785", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2020-02-29T10:30:15.531590", "fun": "test.ping", "id": "node01-linux.example.com"}
alter_time: 2020-02-29 18:30:15
2 rows in set (0.00 sec)
ERROR:
No query specified
2.2 Job management
Get the jid of a job
[root@node01-linux ~]# salt '*' cmd.run 'uptime' -v
Executing job with jid 20200229183202206255 // this is the jid of this command
-------------------------------------------
node02-linux.example.com:
18:32:02 up 5:06, 2 users, load average: 0.00, 0.01, 0.05
node01-linux.example.com:
18:32:02 up 1:43, 1 user, load average: 0.32, 0.10, 0.07
Use the jid to retrieve the result of this job
[root@node01-linux ~]# salt-run jobs.lookup_jid 20200229183202206255
node01-linux.example.com:
18:32:02 up 1:43, 1 user, load average: 0.32, 0.10, 0.07
node02-linux.example.com:
18:32:02 up 5:06, 2 users, load average: 0.00, 0.01, 0.05
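Configuring the compile-installed MySQL service to start when the server boots
There are generally two ways to make an application start with the system: put it in rc.local, or place it under /etc/init.d as a system service. Both are executed as the root user. The second method is shown here.
[root@localhost ~]# cp -a /opt/mysql/mysql/support-files/mysql.server /etc/init.d/mysqld # this step was already done above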
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# chkconfig --list mysqld
注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。
要列出 systemd 服务,请执行 'systemctl list-unit-files'。
查看在具体 target 启用的服务请执行
'systemctl list-dependencies [target]'。
mysqld 0:关 1:关 2:开 3:开 4:开 5:开 6:关