Packaging SaltStack and using it on an internal network

0. Client usage

Linux: copy the Linux ragent folder to /opt on the intranet Linux host, then run the initialization script

Salt master: # @Master:"/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"  # apipwd is the password of the saltapi user
Salt minion: # @Minion:"/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"  # master_ip is the IP of the master to bind to; minion_name is the display name to set for this minion.
Start:
/opt/ragent/tools/master.py start
/opt/ragent/tools/minion.py start
/opt/ragent/tools/api.py start
Stop:
/opt/ragent/tools/master.py stop
/opt/ragent/tools/minion.py stop
/opt/ragent/tools/api.py stop

Windows: copy the Windows ragent folder to the C: drive, then run the initialization script

init.bat 10.92.xxx.xx mywindow  # the first argument is the IP of the master to bind to; the second is the display name to set for this minion.
Start:
C:\ragent\tools\minion.bat start
Stop:
C:\ragent\tools\minion.bat stop

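1. Packaging the Linux client

Linux: build on an older OS release where possible, since a newer release can run what was built on an older one.
1. Install Python: pick the version you want and build it from source.
2. Copy the packages over and install them one by one. For reference:
https://www.cnblogs.com/zhutianpeng/p/3883819.html,
https://blog.csdn.net/linux_player_c/article/details/50551460
For example:
Install pycrypto
[root@master tar_install]# tar xvf pycrypto-2.6.1.tar.gz
[root@master tar_install]# cd pycrypto-2.6.1
[root@master pycrypto-2.6.1]# python setup.py install    (always use the python you installed in step 1 here)
.whl files can be installed directly with pip

Once everything is installed it sometimes just works. At other times starting the master reports that something is missing; in that case find that package and install it too. This happens because some systems already ship a given package and others do not.

There is also a shortcut: run pip install in an environment with internet access and copy the installed packages over one by one. Compatibility is worse, though, and any packages that misbehave have to be fixed one at a time.

Getting the packages: ./pip3 install  --target=/opt/salt salt -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com (downloads all the packages)

3. The salt install itself accepts extra parameters: ./setup.py --salt-root-dir=/opt/ragent/salt/conf/ --salt-base-file-roots-dir=/opt/ragent/salt/conf/ --salt-home-dir=/opt/ragent/salt/conf/ install
(--salt-root-dir is the key parameter; it is what makes a custom directory possible)
4. After a successful install, copy the configuration files into the corresponding directories and configure the master and minion. The configuration files can be found in /ragent/salt/conf of the already-packaged bundle. Sometimes the startup files are generated automatically when salt is installed and sometimes they are not; if not, simply copy them over as well.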

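2. Packaging the Windows client

1. Install Python first here as well: download an exe installer and install it into the chosen directory.
2. Install salt silently: C:\ragent\tools>minion64.exe /S /master=10.92.216.250 /minion-name=test /D=C:\ragent\salt (the /D option is the key; it is not documented on the official site, and it is what makes a custom directory possible)
3. For configuration, adapt the files from the already-packaged bundle. On Windows they usually need no changes.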

3. Linux configuration

Linux master configuration, path: /opt/ragent/salt/conf/etc/salt/master

interface: 0.0.0.0
file_roots:
  base:
    - /opt/ragent/salt/file

Linux API configuration, path: /opt/ragent/salt/conf/etc/salt/master.d/api.conf

rest_cherrypy:
  port: 8001                       # salt-api listening port
  ssl_crt: /opt/ragent/salt/conf/sslkey/localhost.crt          # certificate used for SSL
  ssl_key: /opt/ragent/salt/conf/sslkey/localhost_nopass.key

Linux API authentication configuration, path: /opt/ragent/salt/conf/etc/salt/master.d/eauth.conf

external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'

Linux minion configuration, path: /opt/ragent/salt/conf/etc/salt/minion

master: 192.168.xx.x
id: xx.com

4. Configuring the user and the self-signed certificate

# Create the user (used for salt-api authentication)
useradd -M -s /sbin/nologin saltapi && echo "thispwd"|/usr/bin/passwd saltapi --stdin

Generate the self-signed certificate:

[root@cgc certs]# cd /etc/pki/tls/certs/
[root@cgc certs]# make thecert
make: *** No rule to make target `thecert'.  Stop.
[root@cgc certs]# make testcert
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
Generating RSA private key, 2048 bit long modulus
............................................+++
...............................................+++
e is 65537 (0x10001)
Enter pass phrase:     # enter the password thispwd
Verifying - Enter pass phrase:   # enter the password thispwd
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt 
Enter pass phrase for /etc/pki/tls/private/localhost.key:     # enter the password thispwd
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GuangZhou            
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

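Decrypt the key file to produce a key file without a passphrase. You will be asked for the key passphrase, which is the one set when the certificate was generated.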

cd /etc/pki/tls/private/
openssl rsa -in localhost.key -out localhost_nopass.key
Enter pass phrase for localhost.key:

Add the certificate to the client:

cp /etc/pki/tls/certs/localhost.crt  /opt/ragent/salt/conf/sslkey/localhost.crt      
cp /etc/pki/tls/private/localhost_nopass.key /opt/ragent/salt/conf/sslkey/localhost_nopass.key

Verify:

# Create the user (used for salt-api authentication)
useradd -M -s /sbin/nologin saltapi && echo "thispwd"|/usr/bin/passwd saltapi --stdin

curl -sSk https://localhost:8001/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=thispwd -d eauth=pam
87475ab6906bb76baec11af6deee28a7dbd42e26
curl -k https://127.0.0.1:8001/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 87475ab6906bb76baec11af6deee28a7dbd42e26" -d client='local' -d tgt='*' -d fun='test.ping'
curl -k https://127.0.0.1:8001 -H "Accept: application/x-yaml" -H "X-Auth-Token: 87475ab6906bb76baec11af6deee28a7dbd42e26" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='ifconfig'
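
The same login and test.ping calls from Python with certificate verification left on instead of curl -k, as an added example that is not part of the original post. It trusts only the localhost.crt copied above; the function names are illustrative, and it assumes the certificate carries no usable hostname (the Common Name prompt was left blank), so name matching is off and the pinned certificate alone identifies the server.

```python
import json
import ssl
import urllib.parse
import urllib.request

API_URL = "https://127.0.0.1:8001"  # port from api.conf
PINNED_CERT = "/opt/ragent/salt/conf/sslkey/localhost.crt"


def pinned_context(cert_path=PINNED_CERT):
    """Trust only the self-signed certificate that salt-api serves."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    # Assumption: the certificate has no hostname to match, so only the
    # chain check against the pinned file is enforced.
    ctx.check_hostname = False
    ctx.load_verify_locations(cafile=cert_path)
    return ctx


def form_request(path, fields, token=None):
    """Build the same form-encoded POST that the curl commands send."""
    headers = {"Accept": "application/json"}
    if token:
        headers["X-Auth-Token"] = token
    data = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(API_URL + path, data=data, headers=headers)


def call(req, ctx):
    """Send one request; a certificate mismatch raises before any data is sent."""
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)["return"][0]


def ping_all(user, password, ctx):
    """Log in through PAM eauth, then run test.ping with the returned token."""
    login = form_request("/login", {"username": user, "password": password,
                                    "eauth": "pam"})
    token = call(login, ctx)["token"]
    ping = form_request("/", {"client": "local", "tgt": "*",
                              "fun": "test.ping"}, token)
    return call(ping, ctx)
```

Call ping_all("saltapi", password, pinned_context()) on the master host once salt-api is running.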

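5. Windows configuration

Windows only runs a minion. Configuration file: C:\ragent\salt\conf\minion

master: 10.92.xx.xxx
id: win7

If some paths cause problems, you can edit the path settings file in the salt package source:

C:\ragent\salt\bin\Lib\site-packages\salt\_syspaths.py  (modify as needed)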

# This file was auto-generated by salt's setup on Wednesday, 06 June 2018 @ 20:06:22 UTC.

ROOT_DIR = 'C:/ragent/salt'
SHARE_DIR = None
CONFIG_DIR = None
CACHE_DIR = None
SOCK_DIR = None
SRV_ROOT_DIR= 'C:/ragent/salt/file'
BASE_FILE_ROOTS_DIR = 'C:/ragent/salt/file'
BASE_PILLAR_ROOTS_DIR = None
BASE_MASTER_ROOTS_DIR = None
BASE_THORIUM_ROOTS_DIR = None
LOGS_DIR = None
PIDFILE_DIR = None
SPM_FORMULA_PATH = None
SPM_PILLAR_PATH = None
SPM_REACTOR_PATH = None
HOME_DIR = 'C:/ragent/salt'

 

6. Linux scripts

Initialization script init.py:

#!/opt/ragent/python/bin/python3
# coding:utf-8
# @Author   : ChenGengCong
# @date     : 2018.6.22
# @file     : init.py
# @Master:"/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"
# @Minion:"/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"
import subprocess
import sys


class Saltstack():
    def __init__(self):
        self.CONFPATH = '/opt/ragent/salt/conf/etc/salt'
        self.TOOLSPATH = '/opt/ragent/tools'
        # Turning off the firewall is not handled here yet

    def master(self, apipwd='thispwd',master_bind_ip='0.0.0.0'):
        # Reset the master environment
        stopcmd = "%s/master.py stop" % self.TOOLSPATH
        pipe = subprocess.run(stopcmd, shell=True, stdout=subprocess.PIPE).stdout
        stopapicmd = "%s/api.py stop" % self.TOOLSPATH
        pipe = subprocess.run(stopapicmd, shell=True, stdout=subprocess.PIPE).stdout
        # IP address the master binds to
        setcmd = "sed -i '/^interface/s/.*/interface: %s/g' %s/master" % (master_bind_ip, self.CONFPATH)
        pipe = subprocess.run(setcmd, shell=True, stdout=subprocess.PIPE).stdout
        # Create the API user and set its password
        addcmd = "useradd -M -s /sbin/nologin saltapi"
        p = subprocess.run(addcmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout
        pwdcmd = "echo '%s'|/usr/bin/passwd saltapi --stdin" % apipwd
        pipe = subprocess.run(pwdcmd, shell=True, stdout=subprocess.PIPE).stdout
        # Start the master environment
        startcmd = "%s/master.py start" % self.TOOLSPATH
        pipe = subprocess.run(startcmd, shell=True, stdout=subprocess.PIPE).stdout
        startapicmd = "%s/api.py start" % self.TOOLSPATH
        pipe = subprocess.run(startapicmd, shell=True, stdout=subprocess.PIPE).stdout


    def minion(self,master_ip, minion_name):
        # Reset the minion environment
        stopcmd = "%s/minion.py stop" % self.TOOLSPATH
        pipe = subprocess.run(stopcmd, shell=True, stdout=subprocess.PIPE).stdout

        # Delete the existing identity and keys
        delid = "rm -f %s/minion_id" % self.CONFPATH
        std = subprocess.run(delid, shell=True, stdout=subprocess.PIPE).stdout
        delpki = "rm -f %s/salt/pki/minion/*" % self.CONFPATH
        std = subprocess.run(delpki, shell=True, stdout=subprocess.PIPE).stdout

        # Set the master IP address
        setip = "sed -i '/^master/s/.*/master: %s/g' %s/minion" % (master_ip,self.CONFPATH)
        pipe = subprocess.run(setip, shell=True, stdout=subprocess.PIPE).stdout

        # Set the minion ID, the unique name that identifies this client
        setid = "sed -i '/^id:/s/.*/id: %s/g' %s/minion" % (minion_name,self.CONFPATH)
        pipe = subprocess.run(setid, shell=True, stdout=subprocess.PIPE).stdout

        # Start the minion environment
        startcmd = "%s/minion.py start" % self.TOOLSPATH
        pipe = subprocess.run(startcmd, shell=True, stdout=subprocess.PIPE).stdout

'''
@Initialization commands
@master:
ssh root@ "/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"
@minion
ssh root@ "/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"
'''
if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else ""
    Salt = Saltstack()
    if name == "master":
        # Use the default password when none is given on the command line
        if len(sys.argv) > 2:
            Salt.master(sys.argv[2])
        else:
            Salt.master()
    elif name == "minion" and len(sys.argv) > 3:
        master_ip = sys.argv[2]
        minion_name = sys.argv[3]
        Salt.minion(master_ip, minion_name)
    else:
        print("USAGE: %s master [apipwd] | minion master_ip minion_name" % sys.argv[0])
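
A hardened variant of the input handling in init.py, added here as an example and not part of the original scripts: it validates master_ip and minion_name, edits the config text in Python instead of interpolating argv into sed, and feeds the password to chpasswd on stdin without a shell. The MINION_ID_RE naming policy, the function names and the sample config are assumptions.

```python
import ipaddress
import re
import subprocess

# Assumed naming policy for minion IDs: letters, digits, dot, dash, underscore
MINION_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def validate_minion_args(master_ip, minion_name):
    """Return (ip, name), or raise ValueError before anything is written."""
    ip = str(ipaddress.ip_address(master_ip))  # ValueError unless a literal IP
    if not MINION_ID_RE.fullmatch(minion_name):
        raise ValueError("invalid minion name: %r" % minion_name)
    return ip, minion_name


def set_option(conf_text, key, value):
    """Replace the top-level 'key: ...' line, the job sed does in init.py."""
    pattern = re.compile(r"^%s:.*$" % re.escape(key), re.MULTILINE)
    line = "%s: %s" % (key, value)
    new_text, count = pattern.subn(lambda m: line, conf_text)
    if count == 0:  # unlike the sed call, add the option when it is missing
        sep = "" if not conf_text or conf_text.endswith("\n") else "\n"
        new_text = conf_text + sep + line + "\n"
    return new_text


def set_api_password(password, user="saltapi"):
    """Set the password with no shell and without placing it in argv."""
    if not password or "\n" in password or "\r" in password:
        raise ValueError("password must be a single non-empty line")
    # chpasswd reads "user:password" lines from stdin (requires root)
    subprocess.run(["chpasswd"], input="%s:%s\n" % (user, password),
                   text=True, check=True)


def configure_minion(conf_path, master_ip, minion_name):
    """Validate first, then rewrite the minion config file in place."""
    ip, name = validate_minion_args(master_ip, minion_name)
    with open(conf_path) as fh:
        text = fh.read()
    text = set_option(set_option(text, "master", ip), "id", name)
    with open(conf_path, "w") as fh:
        fh.write(text)


# Constructed sample input, not taken from a real host
SAMPLE_CONF = "master: 192.168.0.1\nid: old.example\n"
```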

 

api.py

#!/opt/ragent/python/bin/python3
# -*- coding: utf-8 -*-
#encoding:utf-8
#@Time     : 2018-06-13 15:41:33
#@Author   : chengengcong
#@File     : api.py
import sys
import subprocess
import os
SALT_PATH = '/opt/ragent/salt'
def start_app(name):
    if status_app(name)>1:
        print ("%s is running,you can try restart"%(name))
    else:
        cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)

def stop_app(name):
    # Wait for the kill to complete so that restart does not race with status_app
    cmd = "pgrep %s|xargs kill -9"%(name)
    subprocess.run(cmd,shell=True,stdout=subprocess.PIPE)

def status_app(name):
    cmd = "pgrep %s|wc -l"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
    result = int(str(pipe.read(),encoding='utf-8'))
    return result

if __name__ == "__main__":
    name = 'salt-api'
    if len(sys.argv)==1:
        start_app(name)
    if len(sys.argv)>1:
        key = sys.argv[1]
        if key == 'start':
            start_app(name)
        elif key == 'stop':
            stop_app(name)
        elif key == 'restart':
            stop_app(name)
            start_app(name)
        else:
            result = status_app(name)
            if result>0:
                print ('%s is active!'%(name))
            else:
                print ('%s is inactive!'%(name))

master.py

#!/opt/ragent/python/bin/python3
# -*- coding: utf-8 -*-
#encoding:utf-8
#@Time     : 2018-06-13 15:41:33
#@Author   : chengengcong
#@File     : master.py
import sys
import subprocess
SALT_PATH = '/opt/ragent/salt'
def start_app(name):
    if status_app(name)>1:
        print ("%s is running,you can try restart"%(name))
    else:
        cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)

def stop_app(name):
    # Wait for the kill to complete so that restart does not race with status_app
    cmd = "pgrep %s|xargs kill -9"%(name)
    subprocess.run(cmd,shell=True,stdout=subprocess.PIPE)

def status_app(name):
    cmd = "pgrep %s|wc -l"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
    result = int(str(pipe.read(),encoding='utf-8'))
    return result

if __name__ == "__main__":
    name = 'salt-master'
    if len(sys.argv)==1:
        start_app(name)
    if len(sys.argv)>1:
        key = sys.argv[1]
        if key == 'start':
            start_app(name)
        elif key == 'stop':
            stop_app(name)
        elif key == 'restart':
            stop_app(name)
            start_app(name)
        else:
            result = status_app(name)
            if result>0:
                print ('%s is active!'%(name))
            else:
                print ('%s is inactive!'%(name))

minion.py

#!/opt/ragent/python/bin/python3
# -*- coding: utf-8 -*-
#encoding:utf-8
#@Time     : 2018-06-13 15:41:33
#@Author   : chengengcong
#@File     : minion.py
import sys
import subprocess
SALT_PATH = '/opt/ragent/salt'
def start_app(name):
    if status_app(name)>0:
        print ("%s is running,you can try restart"%(name))
    else:
        cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)

def stop_app(name):
    # Wait for the kill to complete so that restart does not race with status_app
    cmd = "pgrep %s|xargs kill -9"%(name)
    subprocess.run(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)

def status_app(name):
    cmd = "pgrep %s|wc -l"%(name)
    pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT).stdout
    result = int(str(pipe.read(),encoding='utf-8'))
    return result

if __name__ == "__main__":
    name = 'salt-minion'
    if len(sys.argv)==1:
        start_app(name)
    if len(sys.argv)>1:
        key = sys.argv[1]
        if key == 'start':
            start_app(name)
        elif key == 'stop':
            stop_app(name)
        elif key == 'restart':
            stop_app(name)
            start_app(name)
        else:
            result = status_app(name)
            if result>0:
                print ('%s is active!'%(name))
            else:
                print ('%s is inactive!'%(name))

7. Windows scripts

init.bat

::date:2018-04-09 15:35:11
::author:chengengcong
::company:NanWangDingXin
::version:1.0.1
::file: init.bat
::Parameter: init.bat 10.92.xxx.xx mywindow
@echo off
C:\ragent\salt\bin\ssm.exe install salt-minion c:\ragent\salt\bin\python.exe
C:\ragent\salt\bin\ssm.exe set salt-minion AppParameters "-E -s c:\ragent\salt\bin\Scripts\salt-minion -c c:\ragent\salt\conf -l quiet"
C:\ragent\salt\bin\ssm.exe set salt-minion AppDirectory c:\ragent\salt\bin
C:\ragent\salt\bin\ssm.exe set salt-minion AppExit Default Restart
C:\ragent\salt\bin\ssm.exe set salt-minion AppStopMethodConsole 24000
C:\ragent\salt\bin\ssm.exe set salt-minion AppStopMethodWindow 2000
C:\ragent\salt\bin\ssm.exe set salt-minion Description "Salt Minion from saltstack.com"
C:\ragent\salt\bin\ssm.exe set salt-minion DisplayName salt-minion
C:\ragent\salt\bin\ssm.exe set salt-minion ObjectName LocalSystem
C:\ragent\salt\bin\ssm.exe set salt-minion Start SERVICE_AUTO_START
C:\ragent\salt\bin\ssm.exe set salt-minion Type SERVICE_WIN32_OWN_PROCESS
set master=%1%
set id=%2%
echo master: %master%>C:\ragent\salt\conf\minion
echo id: %id%>>C:\ragent\salt\conf\minion
net stop salt-minion
net start salt-minion

minion.bat

::date:2018-04-09 15:35:11  
::author:chengengcong
::company:NanWangZongBu  
::version:1.0.1  
::file: minion.bat  
::Parameter: minion.bat status
@echo off 
set input=%1%
call:%input%
goto:eof
:status
for /f "skip=3 tokens=4" %%i in ('sc query salt-minion') do set "zt=%%i" &goto :next
:next
echo %zt%
goto:eof
:start
net start salt-minion
goto:eof
:stop
net stop salt-minion
goto:eof

Reposted from: https://www.cnblogs.com/CGCong/p/9405942.html
