saltstack - grains
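- Grains are facts collected when the minion starts, such as the operating system type, NIC IP addresses, kernel version and CPU architecture.
- salt 'aming-02' grains.ls lists the names of all grains
- salt 'aming-02' grains.items lists all grains together with their values
- Grains are not dynamic and do not change in real time; they are collected when the minion starts.
- The information collected in grains can be used to drive configuration management. Grains also support custom values.
[root@linux0 svnroot]# salt 'linux0' grains.ls #list the names of the collected grains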
linux0:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- fqdns
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_feature_flags
- zfs_support
- zmqversion
[root@linux0 svnroot]# salt 'linux0' grains.items #show the collected values
linux0:
----------
SSDs:
biosreleasedate:
04/13/2018
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- ssbd
- ibrs
- ibpb
- stibp
- fsgsbase
- tsc_adjust
- bmi1
- hle
- avx2
- smep
- bmi2
- invpcid
- rtm
- rdseed
- adx
- smap
- xsaveopt
- arat
- spec_ctrl
- intel_stibp
- flush_l1d
- arch_capabilities
cpu_model:
Intel(R) Core(TM) i7-5650U CPU @ 2.20GHz
cpuarch:
x86_64
disks:
- sda
- sr0
dns:
----------
domain:
ip4_nameservers:
- 192.168.87.2
ip6_nameservers:
nameservers:
- 192.168.87.2
options:
search:
sortlist:
domain:
fqdn:
linux0
fqdn_ip4:
- 192.168.87.149
fqdn_ip6:
- fe80::d8da:c84:7947:a438
fqdns:
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
vmware
groupname:
root
host:
linux0
hwaddr_interfaces:
----------
ens33:
00:0c:29:bd:e9:03
lo:
00:00:00:00:00:00
id:
linux0
init:
systemd
ip4_gw:
192.168.87.2
ip4_interfaces:
----------
ens33:
- 192.168.87.149
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens33:
- fe80::d8da:c84:7947:a438
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens33:
- 192.168.87.149
- fe80::d8da:c84:7947:a438
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.87.149
ipv6:
- ::1
- fe80::d8da:c84:7947:a438
kernel:
Linux
kernelrelease:
3.10.0-957.el7.x86_64
kernelversion:
#1 SMP Thu Nov 8 23:39:32 UTC 2018
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
zh_CN
detectedencoding:
UTF-8
timezone:
unknown
localhost:
linux0
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
329446dec61043a08d7319d4f1fd723b
manufacturer:
VMware, Inc.
master:
linux0
mdadm:
mem_total:
972
nodename:
linux0
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.6.1810
osrelease_info:
- 7
- 6
- 1810
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
35644
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2019.2.2
saltversioninfo:
- 2019
- 2
- 2
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d 68 85 02 39 98 92-dd 24 01 59 02 bd e9 03
server_id:
1574897536
shell:
/bin/sh
swap_total:
2047
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
85684d56-3902-9298-dd24-015902bde903
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
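- Add custom information to a minion by hand; machines can then be looked up by that information
[root@linux0 salt]# cat /etc/salt/grains #edit this file; the change only affects the current minion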
role: nginx
env: test
[root@linux0 svnroot]# systemctl restart salt-minion.service
[root@linux0 svnroot]# salt 'linux0' grains.item role #once every machine has a role set, each machine's role can be found quickly
linux0:
----------
role:
nginx
[root@linux0 svnroot]# salt 'linux0' grains.item role env #two or more keys can be displayed at once
linux0:
----------
env:
test
role:
nginx
[root@linux0 svnroot]# salt '*' grains.item role env
linux0:
----------
env:
test
role:
nginx
linux1:
----------
env:
role:
[root@linux0 svnroot]# salt -G role:nginx cmd.run "hostname" #use -G to select machines by grain
linux0:
linux0
saltstack – pillar
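- Pillar differs from grains: it is defined on the master, and it holds information defined for specific minions. Sensitive data such as passwords can be stored in pillar, and it can also define variables.
[root@linux0 svnroot]# vim /etc/salt/master #add the following settings
pillar_roots:
  base: #two leading spaces; the indentation must be exact
    - /srv/pillar #four leading spaces; the indentation must be exact; sets the pillar root directory
[root@linux0 svnroot]# systemctl restart salt-master.service #the master only needs a restart after changes to the configuration files under /etc/salt; the changes below do not need one, because the files are re-read on every run
[root@linux0 svnroot]# mkdir -p /srv/pillar #pillar directory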
[root@linux0 svnroot]# cd !$
cd /srv/pillar
[root@linux0 salt]# cat /srv/pillar/top.sls #pillar top file
base: #assigns an SLS file to each machine
  'linux1':
    - test
  'linux0':
    - test1
[root@linux0 salt]# cat /srv/pillar/test1.sls #content is written as key: value
conf:
  /etc/123.conf
[root@linux0 salt]# cat /srv/pillar/test.sls
dir: /data/123
[root@linux0 pillar]# salt '*' saltutil.refresh_pillar #refresh the pillar data on the minions; every connected machine returns True
linux1:
True
linux0:
True
[root@linux0 salt]# salt '*' pillar.item conf dir #show which machines have the given pillar keys, and their values
linux0:
----------
conf:
/etc/123.conf
dir:
linux1:
----------
conf:
dir:
/data/123
[root@linux0 pillar]# salt -I 'conf:/etc/123.conf' cmd.run 'hostname' #use pillar as the match target
linux0:
linux0
[root@linux0 pillar]# salt -I 'dir:/data/123' cmd.run 'hostname'
linux1:
linux1
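Added example, not part of the original notes: /etc/salt/grains is edited on the minion, so a grain value is whatever the minion reports, whereas the pillar top file above is keyed on minion IDs that the master controls. The Python model below (not Salt's own code; assigned_sls, TOP_BY_GRAIN and the sample data are hypothetical) shows why pillar that carries passwords should be targeted by ID rather than by a grain.

```python
# Added illustration: a model of top-file matching, not Salt's own code.
from fnmatch import fnmatch

def assigned_sls(top, minion_id, grains):
    """Return the SLS names a minion would receive from a top-file-like dict.

    Keys are minion-ID globs ('linux0', '*') or, when the entry list
    contains {'match': 'grain'}, a 'key:value' grain expression.
    """
    result = []
    for target, entries in top.items():
        by_grain = {"match": "grain"} in entries
        names = [e for e in entries if isinstance(e, str)]
        if by_grain:
            key, _, value = target.partition(":")
            hit = str(grains.get(key, "")) == value   # value is self-reported
        else:
            hit = fnmatch(minion_id, target)          # ID is tied to the accepted key
        if hit:
            result.extend(names)
    return result

# Pillar top file as on this page: targets are minion IDs.
TOP_BY_ID = {"linux1": ["test"], "linux0": ["test1"]}
# Hypothetical variant that hands out test1 by the role grain instead.
TOP_BY_GRAIN = {"role:nginx": [{"match": "grain"}, "test1"]}

# Constructed case: linux1's local /etc/salt/grains claims role: nginx.
SELF_ASSERTED = {"role": "nginx", "env": "test"}

def exposure():
    """Compare what linux1 receives under each targeting style."""
    return {
        "by_id": assigned_sls(TOP_BY_ID, "linux1", SELF_ASSERTED),
        "by_grain": assigned_sls(TOP_BY_GRAIN, "linux1", SELF_ASSERTED),
    }

if __name__ == "__main__":
    print(exposure())
```

With ID targeting linux1 only receives its own test data; with grain targeting it also receives test1, which the page assigns to linux0.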
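saltstack – install and configure httpd
- The following features all use Salt's file_roots. As with pillar, there are two kinds of file: a top file that says which machine applies which SLS file, and the SLS files that say what to apply
- Create a directory to hold these files; it is the root of file_roots;
- The following uses this feature to install httpd
- Note: httpd-service is the ID, a name you choose. pkg.installed is the package installation function, followed by the names of the packages to install. service.running is also a function; it ensures the given service is running, and enable means start at boot.
- Run: salt 'linux1' state.highstate //this can be slow, because the client is running yum install httpd httpd-devel
[root@linux0 pillar]# vim /etc/salt/master #add the following settings; mind the indentation
file_roots:
  base:
    - /srv/salt
[root@linux0 pillar]# systemctl restart salt-master.service
[root@linux0 pillar]# mkdir /srv/salt #create the state root directory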
[root@linux0 pillar]# cd !$
cd /srv/salt
[root@linux0 salt]# vim top.sls
[root@linux0 salt]# vim httpd.sls
[root@linux0 salt]# cat top.sls
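base:
  '*': #applies to all machines
    - httpd
[root@linux0 salt]# cat httpd.sls
httpd-service:
  pkg.installed: #calls the package installation function; it adapts to the Linux distribution and uses yum or another package manager
    - names:
      - httpd
      - httpd-devel
  service.running: #function that starts the service
    - name: httpd
    - enable: True #true
[root@linux0 salt]# salt 'linux1' state.highstate #first run; #the result is colour-coded, which makes it very clear what was done; #red is an error, green was already in the desired state, light blue is changed or added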
linux1:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed #already installed, nothing was updated
Started: 11:10:10.518167
Duration: 904.747 ms
Changes:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 11:10:11.423211
Duration: 24.11 ms
Changes:
----------
ID: httpd-service
Function: service.running
Name: httpd
Result: False #failed to start because nginx is running
Comment: Running scope as unit run-117901.scope.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Started: 11:10:11.448344
Duration: 10193.336 ms
Changes:
Summary for linux1 #summary
------------
Succeeded: 2
Failed: 1
------------
Total states run: 3
Total run time: 11.122 s
ERROR: Minions returned with non-zero exit code #a failure returns a non-zero exit code
[root@linux0 salt]# salt 'linux0' state.highstate #second test
linux0:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 11:13:30.227581
Duration: 4768.233 ms
Changes:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel #packages that were already installed get updated
Started: 11:13:34.996138
Duration: 42958.012 ms
Changes: #shows the specific changes
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-90.el7.centos
old:
libdb:
----------
new:
5.3.21-25.el7
old:
5.3.21-24.el7
libdb-devel:
----------
new:
5.3.21-25.el7
old:
libdb-utils:
----------
new:
5.3.21-25.el7
old:
5.3.21-24.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-20.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: httpd-service
Function: service.running
Name: httpd
Result: True #started successfully
Comment: Service httpd has been enabled, and is running
Started: 11:14:18.289376
Duration: 20992.171 ms
Changes:
----------
httpd:
True
Summary for linux0
------------
Succeeded: 3 (changed=2) #only 2 states changed; httpd itself was unchanged
Failed: 0
------------
Total states run: 3
Total run time: 68.718 s
[root@linux0 salt]# salt 'linux1' state.highstate #third test, after removing httpd and stopping nginx
linux1:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 11:18:23.794358
Duration: 7622.612 ms
Changes:
----------
httpd:
----------
new:
2.4.6-90.el7.centos
old:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 11:18:31.438752
Duration: 5406.707 ms
Changes:
----------
httpd-devel:
----------
new:
2.4.6-90.el7.centos
old:
----------
ID: httpd-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 11:18:36.855163
Duration: 20836.865 ms
Changes:
----------
httpd:
True
Summary for linux1
------------
Succeeded: 3 (changed=3) #all three states were applied
Failed: 0
------------
Total states run: 3
Total run time: 33.866 s
saltstack – managing a file
- "Managing" here means placing a file at a given path; you can also choose which machines it applies to
[root@linux0 salt]# vi test.sls #create a new SLS file in the state root
[root@linux0 salt]# cat !$
cat test.sls #mind the indentation
file_test:
  file.managed:
    - name: /tmp/aminglinux.com #path and name of the target file
    - source: salt://test/123/1.txt #source file
    - user: root #owner and permission settings
    - group: root
    - mode: 600
[root@linux0 salt]# mkdir -p test/123 #create a test directory
[root@linux0 salt]# cp /etc/inittab test/123/1.txt #create a test file
[root@linux0 salt]# cat top.sls #update the top file
base:
  '*':
    - test
[root@linux0 salt]# salt 'linux1' state.highstate #run
linux1:
----------
ID: file_test
Function: file.managed
Name: /tmp/tanylinux.com
Result: True
Comment: File /tmp/tanylinux.com updated
Started: 12:49:31.267511
Duration: 64.519 ms
Changes:
----------
diff:
New file
Summary for linux1
------------
Succeeded: 1 (changed=1) #verification on linux1 is omitted here
Failed: 0
------------
Total states run: 1
Total run time: 64.519 ms
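saltstack – managing a directory
- This feature places a directory on machines; you can choose which machines it applies to
[root@linux0 salt]# cat test_dir.sls #SLS file
file_dir:
  file.recurse: #a different function from the one used for files
    - name: /tmp/testdir #target path
    - source: salt://test/123 #source directory 123
    - user: root
    - file_mode: 640
    - dir_mode: 750
    - mkdir: True
    - clean: True #with this setting, files or directories deleted from the source are also deleted from the target on the next Salt run; without it they are left in place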
[root@linux0 salt]# cd test/123/
[root@linux0 123]# ls
1.txt
[root@linux0 123]# mkdir dir2
[root@linux0 123]# touch dir2/txt2
[root@linux0 123]# cd ../..
[root@linux0 salt]# vim top.sls #top file
base:
  '*':
    - test_dir #name of the SLS file
[root@linux0 salt]# salt 'linux1' state.highstate #this shows only dir2 and the file below it being updated; the other files were already up to date and are omitted here
linux1:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 13:03:54.047407
Duration: 196.118 ms
Changes:
----------
/tmp/testdir/dir2:
----------
/tmp/testdir/dir2:
New Dir
/tmp/testdir/dir2/txt2:
----------
diff:
New file
mode:
0640
Summary for linux1
------------
Succeeded: 1 (changed=1) #how much changed depends on how many files were updated
Failed: 0
------------
Total states run: 1
Total run time: 196.118 ms
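[root@linux0 salt]# tree test/123
test/123
├── 1.txt
└── dir2
    └── txt2
1 directory, 2 files
- Note: there is one catch. If the directory being synced contains an empty directory, that directory is not created on the client; only directories that contain files are synced. An empty root directory is still created;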
saltstack – managing remote commands
- Run a script on the specified machines;
[root@linux0 salt]# cat shell_test.sls #SLS file
shell_test:
  cmd.script: #function that runs a script
    - source: salt://test/1.sh
    - user: root
[root@linux0 salt]# cat test/1.sh #the script to run
touch /tmp/111.txt
if [ ! -d /tmp/1233 ]
then
    mkdir /tmp/1233
fi
[root@linux0 salt]# cat top.sls #top file
base:
  '*':
    - shell_test
[root@linux0 salt]# salt 'linux1' state.highstate #run
linux1:
----------
ID: shell_test
Function: cmd.script
Result: True
Comment: Command 'shell_test' run
Started: 15:03:39.993970
Duration: 81.522 ms
Changes:
----------
pid:
16613
retcode:
0
stderr:
stdout:
Summary for linux1
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 81.522 ms
saltstack – managing scheduled tasks
[root@linux0 salt]# cat top.sls #top file
base:
  '*':
    - cron_test
[root@linux0 salt]# vi cron_test.sls
[root@linux0 salt]# cat cron_test.sls #SLS file
cron_test:
  cron.present: #function for scheduled tasks
    - name: /bin/touch /tmp/111.txt #the fields work the same as in crontab -e; if the lines below are left out, the job runs every minute under the root account
    - user: root
    - minute: '*'
    - hour: 20
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
[root@linux0 salt]# salt 'linux1' state.highstate
linux1:
----------
ID: cron_test
Function: cron.present
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
Started: 15:09:27.553299
Duration: 289.991 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary for linux1
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 289.991 ms
[root@linux1 ~]# crontab -l
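# Lines below here are managed by Salt, do not edit #if you still want to update the job with Salt, do not edit these lines by hand; after a manual change Salt no longer recognises the entry and creates a new job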
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 * * * /bin/touch /tmp/111.txt
[root@linux0 salt]# vim cron_test.sls
[root@linux0 salt]# cat !$ #remove a scheduled task with Salt
cat cron_test.sls
cron_test:
  cron.absent:
    - name: /bin/touch /tmp/111.txt
[root@linux0 salt]# salt 'linux1' state.highstate
linux1:
----------
ID: cron_test
Function: cron.absent
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt removed from root's crontab
Started: 15:13:39.231054
Duration: 139.224 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary for linux1
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 139.224 ms
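Added example, not part of the original notes: the crontab -l output above shows that Salt tracks each managed job through a SALT_CRON_IDENTIFIER comment, and that a hand-edited entry is no longer recognised. The Python check below classifies the jobs under Salt's marker as intact, drifted or untagged; it assumes the identifier equals the command, as in the page's output, and audit_crontab and the sample crontab are hypothetical.

```python
# Added illustration; input format taken from the crontab -l output on this page.
MARKER = "# Lines below here are managed by Salt, do not edit"
TAG = "SALT_CRON_IDENTIFIER:"

def audit_crontab(text):
    """Classify job lines found below Salt's marker.

    Returns (ok, drifted, untagged). Assumes the identifier is the job's
    command, as in the crontab shown on this page.
    """
    ok, drifted, untagged = [], [], []
    managed = False
    pending = None                      # identifier waiting for its job line
    for raw in text.splitlines():
        line = raw.strip()
        if line == MARKER:
            managed = True
            continue
        if not managed or not line:
            continue
        if line.startswith("#"):
            if TAG in line:
                pending = line.split(TAG, 1)[1].strip()
            continue
        fields = line.split(None, 5)    # 5 time fields, then the command
        command = fields[5] if len(fields) == 6 else line
        if pending is None:
            untagged.append(command)
        elif command == pending:
            ok.append(command)
        else:
            drifted.append((pending, command))
        pending = None
    return ok, drifted, untagged

# Constructed sample: the first job is the one from this page; the other two are
# made-up examples of a hand-edited entry and an entry Salt never wrote.
SAMPLE = """\
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 * * * /bin/touch /tmp/111.txt
# SALT_CRON_IDENTIFIER:/usr/local/bin/backup.sh
0 3 * * * /usr/local/bin/backup.sh --all
*/5 * * * * /tmp/example-job.sh
"""

if __name__ == "__main__":
    print(audit_crontab(SAMPLE))
```

Drifted and untagged entries are the ones to review: they sit in the Salt-managed region of root's crontab but no longer correspond to a cron.present state.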
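Other commands
- cp.get_file copies a file from the master to the clients
- salt '*' cp.get_file salt://test/1.txt /tmp/123.txt
- cp.get_dir copies a directory
- salt '*' cp.get_dir salt://test/conf /tmp/ //the conf directory is created on the client automatically, so do not append conf to the destination; writing /tmp/conf/ would create another conf under /tmp/conf/
- salt-run manage.up shows the minions that are up
- salt '*' cmd.script salt://test/1.sh runs a shell script from the master on the command line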
<root@linux0 /srv/salt>$ touch test/1.txt
<root@linux0 /srv/salt>$ salt '*' cp.get_file salt://test/1.txt /tmp/123.txt
linux1:
/tmp/123.txt
linux0:
/tmp/123.txt
<root@linux0 /srv/salt>$ salt '*' cp.get_dir salt://test/123 /tmp/
linux1:
- /tmp//123/dir2
linux0:
- /tmp//123/dir2
<root@linux0 /srv/salt>$ salt-run manage.up
- linux0
- linux1
<root@linux0 /srv/salt>$ salt '*' cmd.script salt://test/1.sh
linux1:
----------
pid:
12083
retcode:
0
stderr:
stdout:
linux0:
----------
pid:
55154
retcode:
0
stderr:
stdout:
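Using salt-ssh
- salt-ssh does not require authenticating the clients to the master, and the clients do not need salt-minion installed; it is similar to pssh/expect
- salt-ssh sends commands to the machines listed in its configuration file, which must define each machine's name, its IP address, and the user name and password used to run commands;
- To drop the password, push the public key to the machine when connecting, then remove the password from the configuration file;
- Installation is simple: yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm #installs the yum repository;
- yum install -y salt-ssh
- vi /etc/salt/roster //add the following
aming-01:
  host: 192.168.133.130
  user: root
  passwd: lishiming
- salt-ssh --key-deploy '*' -r 'w' //the first run automatically places this machine's public key on the remote machine, after which the password can be removed from the roster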
<root@linux0 /srv/salt>$ yum install salt-ssh
<root@linux0 /srv/salt>$ vim /etc/salt/roster #contents as follows
linux0:
  host: 192.168.87.149 # The IP addr or DNS hostname
  user: root
  passwd: password
linux2: #custom name
  host: 192.168.87.150
  user: root
  passwd: password
<root@linux0 /srv/salt>$ salt-ssh '*' -r 'ip addr |grep 87' #the command succeeded; #the * can be replaced with a custom machine name; #--key-deploy pushes the public key out
linux2:
----------
retcode:
0
stderr:
stdout:
inet 192.168.87.150/24 brd 192.168.87.255 scope global noprefixroute ens33
inet 192.168.87.108/32 scope global ens33
linux0:
----------
retcode:
0
stderr:
stdout:
inet 192.168.87.149/24 brd 192.168.87.255 scope global noprefixroute ens33
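Added example, not part of the original notes: the steps above leave root passwords in /etc/salt/roster until --key-deploy has run and the passwd lines are removed. The Python check below lists roster targets that still carry a passwd and flags a roster file accessible beyond its owner; parse_roster, audit_roster, the permission check and the sample roster are assumptions made for this example.

```python
# Added illustration: parses only the flat two-level roster layout used on this page.
import os
import stat
import tempfile

def parse_roster(text):
    """Return {target: {key: value}} for a simple salt-ssh roster."""
    roster, current = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()       # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        if not raw[0].isspace():                     # column 0 starts a target
            current = roster.setdefault(key.strip(), {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return roster

def audit_roster(path):
    """Report stored passwords and a roster file accessible beyond its owner."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("roster mode %o is accessible to group/other" % mode)
    with open(path) as fh:
        for target, opts in sorted(parse_roster(fh.read()).items()):
            if opts.get("passwd"):
                findings.append("%s: plaintext passwd in roster" % target)
    return findings

# Constructed roster; linux2 has had its passwd removed after --key-deploy.
SAMPLE = """\
linux0:
  host: 192.168.87.149 # The IP addr or DNS hostname
  user: root
  passwd: EXAMPLE-PLACEHOLDER
linux2:
  host: 192.168.87.150
  user: root
"""

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "roster")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_roster(path)
```

On a real master, call audit_roster("/etc/salt/roster") after the key deployment step to confirm that no passwd entries remain.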
- Salt's client/server mode makes distributing files more convenient;