func-mcollective-salt-and-rundeck(saltstack简介)

转自：http://wiki.saltstack.cn/func-mcollective-salt-and-rundeck

* 原文: http://www.coloandcloud.com/editorial/func-mcollective-salt-and-rundeck/

* 译者: pengyao

* 译者注: 无意中看到这篇文章，才知道世界上还有salt这个神器，把玩一番后被深深的吸引,不可自拔......

Remote execution is an often underestimated component of cloud computing. Some compare it to the foundation of a building that easily gets looked over, but facilitates the construction of the edifice placed on top. The goal of a remote execution system is to have a means to execute commands on large numbers of desktops/servers without having to log into them one at a time.Several open source cloud communication / remote execution solutions are currently available; we’ll just focus our attention on Func, MCollective, Salt and RunDeck. While differing in their strengths, there is enough similarities to review these four solutions together.

远程命令执行是一个常常被低估的云计算组件. 有人将它比作一个大厦的基础,看起来很简单,却承载着上层建筑. 远程执行系统的目的是无需一次登录到大量桌面或服务器上,即可完成大批量远程执行命令操作. 当前有许多开源的通讯或远程执行套件: 我们将在本文关注下Func、MCollective、Salt及RunDeck，对比他们的优势和差异.

Func

Func is an acronym for “Fedora Unified Network Controller“, and is a popular open source tool that provides a two-way authenticated system for remote administration. Func is customizable with modules and easily works in conjunction with applications.

Func 是Fedora Unified Network Controller的首字母缩写，它是一个流行的开源工具，为远程管理提供双端认证的系统. Func 是通过定制化的模块非常易于和应用程序结合工作.

Integration with existing management tools(与现有管理工具整合)

Func is included in Fedora and EPEL. Func is compatible with EL-4 and up, and Fedora 7 and up. Active development with Taboot, OpenSymbolic, Genome,FuncWeb, Loki, Funcshell, CAS and OpenNode. Puppet certificate authority integration.

与以存在的管理工具集成， Func包含在 Fedora 及 EPEL 中， Func兼容EL-4及Fedora 7及以上系统. 活跃的开发使用者有Taboot, OpenSymbolic, Genome, FuncWeb, Loki, Funcshell, CAS及 OpenNode. 可以轻松和Puppet证书认证集成.

Programming interface(编程接口)

Python API for module creation, development and customization. Various libraries exist to speak with Func from other languages (such as the Java/Groovy Binding). Func works over XMLRPC and SSL.

为模块创建、开发及定制提供Python API. 多样的函数库为其他语言(如Java/Groovy)连通Func提供了桥梁. Func工作基于XMLRPC和SSL.

Scale it can handle Can handle large networks of desktops/servers with a minimum of hassel and setup.

只需要少量的成本和部署，即可操作大量的桌面/服务器.

Ease of deployment(部署简单)

Simple setup: yum/rpm; debian, and AIX (limited).

部署简单: yum/rpm; debian及AIX(有限制).

Features offered（特性）

Manage an arbitrary group of machines all at once. Automatically distribute certificates to all “Slave” machines. Command line for sending remote commands and gathering data. Anyone can write their own modules using the Python module API. Works over XMLRPC and SSL. Uses certmaster for secure master-to-slave communication.

一次课管理任意主机组. 自动为 Slave分配证书. 通过命令行发送远程执行命令及收集数据. 可以通过Python API模块编写自己的模块. 基于XMLRPC和SSL, 使用certmaster来保证master到slave交互数据安全.

Resources(资源)

* Func website: https://fedorahosted.org/func/

* Func-list: https://www.redhat.com/mailman/listinfo/func-list

* #func IRC on irc.freenode.net

Salt

Salt is quite flexible and has shown appeal to simple system administrator tasks, as well as the DevOps community, up to application development. Salt is intended not only to be an interface as an administrative tool, but also a development platform. Salt has a very rich feature set, from being extremely fast to being highly extensible.

Salt是一个相当灵活、简单易于的系统管理工具，常用于DevOps环境. Salt不仅仅可以作为管理工具接口，也可用于开发平台. Salt有非常丰富的特性，可以快速部署、高效扩展.

Integration with existing management tools(与现有管理工具整合)

• Salt is fundamentally detached in the way that it executes commands, which makes it easy to actively integrate into existing applications. Salt is integrated in the package managers for Red Hat, Fedora, Debian, Ubuntu, FreeBSD, Gentoo and Arch Linux. Salt is also integrated into libvirt for virtual machine management, as well as the network stack, and user management system for Linux and FreeBSD. Salt modules enable platform specific application integration.

与已存在的管理工具整合. 通过执行命令, Salt可以轻松的与已存在的应用整合. Salt可以整合在RedHat、Fedora、Debian、Ubuntu、FreeBSD、Gentoo及Arch Linux包管理系统中. Salt也可以整合在libvirt中，用于虚拟机的管理，也可以为Linux及FreeBSD提供用户管理. Salt模块化的平台支持和应用程序整合. (译者注：当前Salt已经包含在EPEL中)

Programming interface(编程接口)

Salt comes with a Python API. The api can be used to do many things, from integrating an application into the remote execution system, to gaining direct access to the system that integrates application interfaces.

Salt提供一个Python API. 该API可以用于在远程执行系统中整合应用程序, 为应用程序接口提供直接访问系统的接口.

Scale it can handle

Salt is engineered to handle a high load and has been tested with concurrent complex commands running simultaneously on almost 2000 clients at once for sustained periods. Salt also scales in the form of process space, as it supports multiple worker processes. Additionally, Salt can also scale from a topology perspective, the salt syndic interface allows for many groups of salt minions to be joined together in ad hoc management layouts.

Salt为高负载环境设计，测试数据为复杂命令运行并发支撑近2000个客户端. Salt支持多线程. 此外，salt syndic接口允许大量的salt minions组加入到特别的管理层(译者注：没太明白原文意思......).

Ease of deployment(易于部署)

To deploy Salt, it only needs to be installed, pointed to the salt master (a one line config change) and turned on. Generally, you can have Salt up and running in a matter of minutes.

部署Salt时，只需要安装salt后，指向salt master(只需一行配置)并运行它即可. 通常情况下，部署及运行salt整个过程只需要数分钟即可.

Features offered(特性)

Salt integrates configuration management with remote execution, creating a complete control interface. A few of the built-in features include support for: Apache, Portage, FreeBSD, Tomcat, YUM. Salt also executes calls on SELinux and Puppet routines.

Salt整合了配置管理及远程执行命令, 提供了一个完整的控制接口. 内置的特性包括支持Apache, Portage, FreeBSD, YUM. Salt也可以在SELinux及Puppet路由(译者注: 这个puppet routines该怎么理解......)上执行调用

Resources(资源)

* SaltStack website: http://saltstack.org/

* IRC channel #salt on OFTC

* Google User Group: https://groups.google.com/forum/#!forum/salt-users

* SaltStack video channel: http://blip.tv/saltstack

MCollective

MCollective, formerly known as “Marionette Collective” (acquired by Puppet Labs in 2010), is a tool primarily used for programmatic execution of System Administration actions on clusters of servers. MCollective delivers a very scalable and very fast parallel execution environment by leveraging Publish Subscribe Middleware and meta data (as opposed to hostnames).

MCollective, 早期被称为Marionette Collective(acquired by Puppet Labs in 2010), 是一个主要用于在集群环境中为系统管理提供命令执行的工具. MCollective通过发布/订阅(Publish Subscribe)中间件及元数据(as opposed to hostnames)提供一个易度量并快速平行执行环境.

Integration with existing management tools(与现有管理工具整合)

MCollective’s core framework allows the user to build out a customized system (replace MCollective’s choice of middleware – STOMP compliant middleware – with your own like AMQP based). You can replace the authorization system with one that suits your local needs. Additionally you can replace the serialization – Ruby Marshal and YAML based – with your own like JSONSchema that is cross language. You can also add sources of data, like Chef and Puppet, and can provide a plugin to give access to your tools data. You can also create a central inventory of services leveraging MCollective as transport that can run and distribute inventory data on a regular basis.

MCollective核心框架允许用户建立一个定制化的系统(替换掉MCollective选择的STOMP compliant中间件，替换为如AMQP等等). 你也可以基于本地环境需要替换掉授权系统. 此外也可以替换掉 Ruby Marshal及YAML，替换为JSONSchema。 你也可以添加数据源，如Chef及Puppet等能够提供访问工具数据的查件. 你也可以利用MCollective作为数据传送工具建立中心服务资产管理，定期正确的分配数据(译者注: 没用过MCollective，所以翻译得很晦涩，不过MCollective看起来很强大).

Programming interface(编程接口)

Write simple RPC style agents, clients and Web UIs in Ruby.

通过Ruby可以编写简单的RPC样式agent, clients和Web UI

Scale it can handle

Small to very large clusters of servers. Re-use the ability of middleware to do clustering, routing and network isolation to realize secure and scalable setups.

从小规模服务到大规模集群应用. Re-use the ability of middleware to do clustering, routing and network isolation to realize secure and scalable setups.

Ease of deployment(易于部署)yum,

Setup is straight-forward, requiring: 1) A Stomp server, tested against ActiveMQ; 2) Ruby; Rubygems; 3)A Ruby Stomp Client. Offers serveral easy installs: yum/rpm, plus a blip.tv channel with videos, webinars and screen casts for additional support.

Setup is straigh-forward, 需要: 1) 一个Stomp服务, tested against ActiveMQ; 2) Ruby: Rubygems; 3)一个Ruby Stomp客户端. 可以通过yum/rpm等轻松安装, blip.tv有视频，在线研讨会及截图提供额外的支持.

Features offered(特性) Interact with small to large server clusters. Uses a broadcast paradigm for request distribution. Address machines by meta-data (from Puppet, Chef, Facter, Ohai or your own plugin) as opposed to their hostnames. Simple to use command line tools to call remote agents. Write custom infrastructure reports. Active community developing agents to manage packages, services and other components. Write simple RPC style agents, clients and Web UIs in Ruby. Extremely pluggable and adaptable to local needs.

适用于从小规模服务到大规模集群应用. 使用广播来完成请求分配. 主机元数据(来源于Puppet、Chef、Facter、Ohai或你自己的插件) as opposed to their hostnames. 简单的命令行工具区调用远端agent. 可以自定义基础抱抱。 活跃的社区开发agent管理抱，服务和其他自检. 通过Ruby可以编写简单的RPC样式的agent, clients和Web UI. Extremely pluggable and adaptable to local needs.

Resources(资源)

* MCollective website: http://puppetlabs.com/mcollective/introduction/

* Author’s blog: http://www.devco.net/archives/tag/mcollective

* MCollective User Group: http://groups.google.com/group/mcollective-users

* Video Channel: http://blip.tv/the-marionette-collective

* @puppetlabs: http://twitter.com/#!/search/puppetlabs

RunDeck

RunDeck’s primary goal is to play the role of a job console, a web-based simple workflow tool for DevOps teams to define and run a variety of routine jobs in a distributed environment.

RunDeck主要目标是为DevOps团队提供一个指令控制台， 一个基于web简单工作流的工具,用于在分布式环境中定义和运行多样的任务.

Integration with existing management tools(与现有工具整合)

There exist plugins for: Chef, Puppet, Amazon EC2, and Jenkins. RunDeck has a few plugin interfaces for retrieving Node resources and Job Option values from other sources. Plugins can be defined using shell scripts which allows hand-rolled integration with e.g. in-house CMDBs. It also has webhooks for reporting job results to other systems, and a Web API for interacting with jobs and adhoc commands, resources, and executions.

现有查件可以支持Chef, Puppet, Amazon EC2及Jenkins. RunDeck提供插件接口可以用于从其他资源中检索节点资源和任务选项值等. Plugins can be defined using shell scripts which allows hand-rolled integration with e.g. in-house CMDBs. 同时也提供为WEB钩子可以将任务结果报告给其他系统及一个WebAPI作用于jobs、adhoc命令、资源及执行(译者注: 亲，没结果过RunDeck，翻译得好晦涩......)

Programming interface(编程接口)

There is a HTTP API to perform most tasks that are available via the GUI. Most plugins can be written as shell scripts and all can be written in Java.

当前提供有一个HTTP API，可以用于通过GUI完成大多数任务. 大多数插件可以使用shell编写，Java可以完整all (译者注: 看看玩RunDeck的运维得懂Java啊)

Scale it can handle

Some clients have used it with upwards of 7000 nodes. Depending on what kind of scale (concurrent jobs vs. number of nodes), different RAM requirements come into play.

一些客户用它部署了7000多个节点. Depending on what kind of scale (concurrent jobs vs. number of nodes), different RAM requirements come into play.

Ease of deployment(易于部署)

There are several easy installs: yum/rpm; debian; and a single-file “launcher” jar which can install and run itself (similar to Jenkins’ war). Projects can be set up and configured via the CLI or GUI. Requirements: java 6 (works with openjdk).

有多重方法进行安装，如yum/rpm; debian; 单个文件运行jar（类似于Jenkins的war包）. 项目可以通过CLI或GUI建立. 需要安装Java 6(可可以用openjdk).

Features offered(特性)

There is a job scheduler for running commands and workflows on multiple nodes. The GUI provides easy shared view of live executions, history, nodes and jobs. Also provides CLI and web API. Authentication and Authorization via LDAP/Active-Directory or file-based. Comprehensive access control policy: control who can see, run, and modify Projects and Jobs. Adhoc executions in the GUI; type, run, and watch. Retry a job/adhoc command on any failed nodes. Plugin interface for Node sources and definition formats. Job and Node definitions can be imported/exported in XML or YAML for use with SCM systems.

有一个任务调度器用于在多节点运行命令和工作流. GUI提供简单的在线命令执行、历史、节点、任务查看等. 也提供有CLI和Web API. 认证和授权系统使用LDAP/AD或基于文件. 包括访问控制规则: 控制谁能看，运行，修改项目和任务. 可以通过GUIl临时性的执行: 类型、运行、查看等. 当节点执行失败后重试一个任务或临时性命令. 为节点(node)元和定义格式提供插件接口. 任务和节点定义可以在SCM系统中通过XML或YAML进行导入/导出.

Resources(资源)

* RunDeck website: http://rundeck.org/

* Google User Group: http://groups.google.com/group/rundeck-discuss

* Videos/Screencasts by Alex Honor and Greg Schueler: http://vimeo.com/user6885999/videos/sort:date http://vimeo.com/31115008

* @Rundeck: http://twitter.com/#!/Rundeck