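SaltStack bills itself as a powerful tool for automated operations, so can SaltStack bulk-deploy itself? If you have the same question, this article is for you. The answer is of course yes: SaltStack can use salt-ssh to bulk-deploy itself. As the name suggests, salt-ssh is a tool that relies on SSH for remote command execution. The benefit is that you can run remote commands without installing the minion program on the client, and salt-ssh supports the vast majority of Salt's functionality.
Since no minion is installed, how does the master identify the clients and communicate with them? This is done mainly through a roster configuration file. First, here is the environment: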
hadoop0.updb.com 192.168.0.100 OS:CentOS 6.5 Role:master
uadoop4.updb.com 192.168.0.204 OS:CentOS 6.5 Role:minion
uadoop5.updb.com 192.168.0.205 OS:CentOS 6.5 Role:minion
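Before the experiment starts, there is no minion service on the uadoop4 and uadoop5 nodes. The goal is to use salt-ssh to deploy the minion on uadoop4 and uadoop5 automatically.
First, we configure the roster file so that the master can communicate with uadoop4 and uadoop5.
## Create the roster file in the /etc/salt/ directory with the following contents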
[root@hadoop0 ~]# cat /etc/salt/roster
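uadoop4:
  host: 192.168.0.204   ## host
  user: root            ## user name for the ssh connection
  passwd: upbjsxt       ## password for the ssh connection
  port: 22              ## port
  timeout: 3
uadoop5:
  host: 192.168.0.205   ## host
  user: root            ## user name for the ssh connection
  passwd: upbjsxt       ## password for the ssh connection
  port: 22              ## port
  timeout: 3
## salt-ssh can be tested without restarting the master service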
[root@hadoop0 ~]# salt-ssh 'uadoop[4,5]' test.ping
uadoop5:
True
uadoop4:
True
## Note that because salt-ssh does not inherit Salt's ZeroMQ transport, it runs much more slowly. The -r option runs a system command
[root@hadoop0 ~]# salt-ssh 'uadoop[4,5]' -r 'free -m'
uadoop4:
----------
retcode:
0
stderr:
stdout:
total used free shared buffers cached
Mem: 988 174 814 0 35 55
-/+ buffers/cache: 83 905
Swap: 2047 0 2047
uadoop5:
----------
retcode:
0
stderr:
stdout:
total used free shared buffers cached
Mem: 988 172 815 0 34 55
-/+ buffers/cache: 82 906
Swap: 2047 0 2047
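The roster above keeps the root SSH password in clear text. As an added example (not part of the original post), this script audits a roster for inline passwords, direct root logins and group/other-accessible file modes, and contrasts a roster in the post's style with a key-based one. The sample rosters are constructed; the `deploy` account and the key path are assumptions.

```shell
#!/bin/sh
# Added example: audit a salt-ssh roster. Sample rosters are constructed.

# audit_roster FILE: print one finding per line (nothing if the roster is clean).
audit_roster() {
    # Roster ids start in column 0; their options are indented beneath them.
    awk '
        /^[^ \t#]/ && $1 ~ /:$/ { id = substr($1, 1, length($1) - 1) }
        /^[ \t]/ && $1 == "passwd:" { print "PLAINTEXT_PASSWD " id }
        /^[ \t]/ && $1 == "user:" && $2 == "root" { print "ROOT_LOGIN " id }
    ' "$1"
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "LOOSE_MODE $1"
    fi
}

# write_samples DIR: create a password roster (post's style) and a key-based one.
write_samples() {
    cat > "$1/roster.weak" <<'EOF'
uadoop4:
  host: 192.168.0.204
  user: root
  passwd: EXAMPLE-PASSWORD   # constructed placeholder
  port: 22
EOF
    chmod 644 "$1/roster.weak"
    cat > "$1/roster.keys" <<'EOF'
uadoop4:
  host: 192.168.0.204
  user: deploy               # assumed unprivileged account with sudo rights
  sudo: True
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa   # assumed key path
  port: 22
EOF
    chmod 600 "$1/roster.keys"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_roster "$demo_dir/roster.weak"   # reports the password, root login and mode
audit_roster "$demo_dir/roster.keys"   # reports nothing
rm -rf "$demo_dir"
```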
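OK, you can see that using salt-ssh is also very simple. Next comes the bulk deployment of the minion, as follows.
## Put all files related to the minion deployment in the /srv/salt/epel directory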
[root@hadoop0 epel]# pwd
/srv/salt/epel
[root@hadoop0 epel]# tree -f
.
├── ./epel-release-6-8.noarch.rpm
└── ./salt_install.sls
0 directories, 2 files
## Contents of the salt_install file
[root@hadoop0 epel]# cat salt_install.sls
## The EPEL repository must be installed first; only then can salt-minion be installed with yum
epel_install:
  file.managed:
    - name: /tmp/epel-release-6-8.noarch.rpm            ## where the EPEL package is stored on nodes 4 and 5
    - source: salt://epel/epel-release-6-8.noarch.rpm   ## where on the master to copy the EPEL rpm from
    - user: root                                        ## file owner
    - group: root                                       ## file group
  cmd.run:
    - name: rpm -ivh /tmp/epel-release-6-8.noarch.rpm   ## install the rpm package
    - unless: test -f /etc/yum.repos.d/epel.repo        ## skip the install if this file already exists
    - require:
      - file: epel_install                              ## install the EPEL package only after the file has been copied
cache_yum:
  cmd.run:
    - name: yum makecache                               ## build the yum cache
    - require:
      - cmd: epel_install                               ## build the cache only after EPEL is installed
salt_install:
  pkg.installed:                                        ## install salt-minion
    - name: salt-minion
    - require:                                          ## install the minion only after EPEL is installed
      - cmd: epel_install
## Run it remotely
[root@hadoop0 salt]# salt-ssh 'uadoop[4,5]' state.sls epel.salt_install
uadoop4:
----------
cmd_|-cache_yum_|-yum makecache_|-run:
----------
__run_num__:
2
changes:
----------
pid:
1993
retcode:
0
stderr:
stdout:
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: ftp.stust.edu.tw
* epel: ftp.cuhk.edu.hk
* extras: mirrors.btte.net
* updates: mirrors.btte.net
Metadata Cache Created
comment:
Command "yum makecache" run
name:
yum makecache
result:
True
cmd_|-epel_install_|-rpm -ivh /tmp/epel-release-6-8.noarch.rpm_|-run:
----------
__run_num__:
1
changes:
----------
pid:
1991
retcode:
0
stderr:
warning: /tmp/epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
stdout:
Preparing... ##################################################
epel-release ##################################################
comment:
Command "rpm -ivh /tmp/epel-release-6-8.noarch.rpm" run
name:
rpm -ivh /tmp/epel-release-6-8.noarch.rpm
result:
True
file_|-epel_install_|-/tmp/epel-release-6-8.noarch.rpm_|-managed:
----------
__run_num__:
0
changes:
----------
diff:
New file
mode:
0644
comment:
File /tmp/epel-release-6-8.noarch.rpm updated
name:
/tmp/epel-release-6-8.noarch.rpm
result:
True
pkg_|-salt_install_|-salt-minion_|-installed:
----------
__run_num__:
3
changes:
----------
PyYAML:
----------
new:
3.10-3.1.el6
old:
libyaml:
----------
new:
0.1.6-1.el6
old:
m2crypto:
----------
new:
0.20.2-9.el6
old:
openpgm:
----------
new:
5.1.118-3.el6
old:
python-babel:
----------
new:
0.9.4-5.1.el6
old:
python-backports:
----------
new:
1.0-3.el6.centos
old:
python-backports-ssl_match_hostname:
----------
new:
3.4.0.2-4.el6.centos
old:
python-chardet:
----------
new:
2.0.1-1.el6.centos
old:
python-crypto:
----------
new:
2.0.1-22.el6
old:
python-jinja2:
----------
new:
2.2.1-2.el6_5
old:
python-msgpack:
----------
new:
0.1.13-3.el6
old:
python-ordereddict:
----------
new:
1.1-2.el6.centos
old:
python-requests:
----------
new:
1.1.0-4.el6.centos
old:
python-six:
----------
new:
1.7.3-1.el6.centos
old:
python-urllib3:
----------
new:
1.5-7.el6.centos
old:
python-zmq:
----------
new:
14.3.1-1.el6
old:
salt:
----------
new:
2014.7.0-3.el6
old:
salt-minion:
----------
new:
2014.7.0-3.el6
old:
sshpass:
----------
new:
1.05-1.el6
old:
zeromq3:
----------
new:
3.2.4-1.el6
old:
comment:
The following packages were installed/updated: salt-minion.
name:
salt-minion
result:
True
uadoop5:
----------
cmd_|-cache_yum_|-yum makecache_|-run:
----------
__run_num__:
2
changes:
----------
pid:
1937
retcode:
0
stderr:
stdout:
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirror.neu.edu.cn
* epel: ftp.cuhk.edu.hk
* extras: mirror.neu.edu.cn
* updates: mirror01.idc.hinet.net
Metadata Cache Created
comment:
Command "yum makecache" run
name:
yum makecache
result:
True
cmd_|-epel_install_|-rpm -ivh /tmp/epel-release-6-8.noarch.rpm_|-run:
----------
__run_num__:
1
changes:
----------
pid:
1935
retcode:
0
stderr:
warning: /tmp/epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
stdout:
Preparing... ##################################################
epel-release ##################################################
comment:
Command "rpm -ivh /tmp/epel-release-6-8.noarch.rpm" run
name:
rpm -ivh /tmp/epel-release-6-8.noarch.rpm
result:
True
file_|-epel_install_|-/tmp/epel-release-6-8.noarch.rpm_|-managed:
----------
__run_num__:
0
changes:
----------
diff:
New file
mode:
0644
comment:
File /tmp/epel-release-6-8.noarch.rpm updated
name:
/tmp/epel-release-6-8.noarch.rpm
result:
True
pkg_|-salt_install_|-salt-minion_|-installed:
----------
__run_num__:
3
changes:
----------
PyYAML:
----------
new:
3.10-3.1.el6
old:
libyaml:
----------
new:
0.1.6-1.el6
old:
m2crypto:
----------
new:
0.20.2-9.el6
old:
openpgm:
----------
new:
5.1.118-3.el6
old:
python-babel:
----------
new:
0.9.4-5.1.el6
old:
python-backports:
----------
new:
1.0-3.el6.centos
old:
python-backports-ssl_match_hostname:
----------
new:
3.4.0.2-4.el6.centos
old:
python-chardet:
----------
new:
2.0.1-1.el6.centos
old:
python-crypto:
----------
new:
2.0.1-22.el6
old:
python-jinja2:
----------
new:
2.2.1-2.el6_5
old:
python-msgpack:
----------
new:
0.1.13-3.el6
old:
python-ordereddict:
----------
new:
1.1-2.el6.centos
old:
python-requests:
----------
new:
1.1.0-4.el6.centos
old:
python-six:
----------
new:
1.7.3-1.el6.centos
old:
python-urllib3:
----------
new:
1.5-7.el6.centos
old:
python-zmq:
----------
new:
14.3.1-1.el6
old:
salt:
----------
new:
2014.7.0-3.el6
old:
salt-minion:
----------
new:
2014.7.0-3.el6
old:
sshpass:
----------
new:
1.05-1.el6
old:
zeromq3:
----------
new:
3.2.4-1.el6
old:
comment:
The following packages were installed/updated: salt-minion.
name:
salt-minion
result:
True
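## The returned results show that the installation succeeded
The minion configuration file on uadoop4 and uadoop5 has to be edited by hand; only two lines need to change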
[root@uadoop4 tmp]# vi /etc/salt/minion
master: 192.168.0.100
id: uadoop4
[root@uadoop5 ~]# vi /etc/salt/minion
master: 192.168.0.100
id: uadoop5
From the master, remotely start the minion service on uadoop4 and uadoop5
[root@hadoop0 epel]# salt-ssh 'uadoop[4,5]' -r '/etc/init.d/salt-minion restart'
uadoop5:
----------
retcode:
0
stderr:
stdout:
Stopping salt-minion daemon: [FAILED]
Starting salt-minion daemon: [ OK ]
uadoop4:
----------
retcode:
0
stderr:
stdout:
Stopping salt-minion daemon: [FAILED]
Starting salt-minion daemon: [ OK ]
The services started successfully. On the master, accept the minions' authentication requests
[root@hadoop0 epel]# salt-key -L
Accepted Keys:
hadoop1
hadoop2
hadoop3
hadoop4
hadoop5
uadoop0
uadoop1
uadoop2
uadoop3
Unaccepted Keys:
uadoop4
uadoop5
Rejected Keys:
[root@hadoop0 epel]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
uadoop4
uadoop5
Proceed? [n/Y] Y
Key for minion uadoop4 accepted.
Key for minion uadoop5 accepted.
## Test whether the master can communicate with the two newly deployed minions
[root@hadoop0 epel]# salt 'uadoop[4,5]' test.ping
uadoop5:
True
uadoop4:
True
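OK, communication works, which shows that we have successfully deployed the minion on both nodes with salt-ssh. With many nodes, salt-ssh makes bulk deployment of minions easy, and salt-ssh is also commonly used when the master needs to run remote commands on hosts where the minion service cannot be installed. Apart from its slower execution, salt-ssh is powerful enough to meet our needs. In this article each node's minion configuration file had to be edited by hand, because every minion id is different, so this cannot be avoided; fortunately only two lines of the minion configuration file need changing, so it is not much of a problem.
Reposted from: https://blog.51cto.com/quenlang/1577215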