saltstack安装
准备两台服务器:
#服务端
hostname:centos-1 IP:192.168.157.132
#客户端
Hostname:centos-2 IP:192.168.157.135
设置hostname & hosts
[root@centos-1 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.157.132 centos-1
[root@centos-2 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.157.135 centos-2
下载saltstack yum 源
#下载yum 源
[root@centos-1 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@centos-2 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
#安装salt-repo之后,yum源里可以看到的salt相关rpm包(注意这里的salt版本是2018.3.0,已经很旧,实际部署请使用仍在维护的版本)
[root@centos-1 ~]# yum list |grep salt
salt-repo.noarch latest-2.el7 installed
PyYAML.x86_64 3.11-1.el7 salt-latest
PyYAML-debuginfo.x86_64 3.11-1.el7 salt-latest
cppzmq-devel.x86_64 4.1.4-6.el7 salt-latest
libsodium.x86_64 1.0.16-1.el7 salt-latest
libsodium-debuginfo.x86_64 1.0.16-1.el7 salt-latest
libsodium-devel.x86_64 1.0.16-1.el7 salt-latest
libsodium-static.x86_64 1.0.16-1.el7 salt-latest
libtomcrypt-debuginfo.x86_64 1.17-23.el7 salt-latest
libtommath-debuginfo.x86_64 0.42.0-4.el7 salt-latest
m2crypto.x86_64 0.28.2-3.el7 salt-latest
m2crypto-debuginfo.x86_64 0.28.2-3.el7 salt-latest
openpgm.x86_64 5.2.122-2.el7 salt-latest
openpgm-debuginfo.x86_64 5.2.122-2.el7 salt-latest
openpgm-devel.x86_64 5.2.122-2.el7 salt-latest
python-cherrypy.noarch 5.6.0-2.el7 salt-latest
python-crypto.x86_64 2.6.1-2.el7 salt-latest
python-crypto-debuginfo.x86_64 2.6.1-2.el7 salt-latest
python-futures.noarch 3.0.3-1.el7 salt-latest
python-ioflo.noarch 1.3.8-1.el7 salt-latest
python-libnacl.noarch 1.4.3-1.el7 salt-latest
python-msgpack.x86_64 0.4.6-1.el7 salt-latest
python-msgpack-debuginfo.x86_64 0.4.6-1.el7 salt-latest
python-psutil.x86_64 2.2.1-1.el7 salt-latest
python-psutil-debuginfo.x86_64 2.2.1-1.el7 salt-latest
python-pycryptodome-debuginfo.x86_64 3.4.3-2.el7 salt-latest
python-raet.noarch 0.6.5-1.el7 salt-latest
python-salttesting.noarch 2015.7.10-1.el6 epel
python-simplejson.x86_64 3.3.3-1.el7 salt-latest
python-simplejson-debuginfo.x86_64 3.3.3-1.el7 salt-latest
python-timelib.noarch 0.2.4-1.el7 salt-latest
python-tornado-debuginfo.x86_64 4.2.1-1.el7 salt-latest
python-zmq.x86_64 15.3.0-2.el7 salt-latest
python-zmq-debuginfo.x86_64 15.3.0-2.el7 salt-latest
python-zmq-tests.x86_64 15.3.0-2.el7 salt-latest
python2-libcloud.noarch 2.0.0-2.el7 salt-latest
python2-pycryptodomex.x86_64 3.4.3-2.el7 salt-latest
python2-typing.noarch 3.5.2.2-3.el7 salt-latest
python3-pycryptodomex.x86_64 3.4.3-2.el7 salt-latest
python34-typing.noarch 3.5.2.2-3.el7 salt-latest
salt.noarch 2018.3.0-1.el7 salt-latest
salt-api.noarch 2018.3.0-1.el7 salt-latest
salt-cloud.noarch 2018.3.0-1.el7 salt-latest
salt-master.noarch 2018.3.0-1.el7 salt-latest
salt-minion.noarch 2018.3.0-1.el7 salt-latest
salt-ssh.noarch 2018.3.0-1.el7 salt-latest
salt-syndic.noarch 2018.3.0-1.el7 salt-latest
zeromq.x86_64 4.1.4-6.el7 salt-latest
zeromq-debuginfo.x86_64 4.1.4-6.el7 salt-latest
zeromq-devel.x86_64 4.1.4-6.el7 salt-latest
[root@centos-2 ~]# yum list |grep salt
salt-repo.noarch latest-2.el7 installed
PyYAML.x86_64 3.11-1.el7 salt-latest
PyYAML-debuginfo.x86_64 3.11-1.el7 salt-latest
cppzmq-devel.x86_64 4.1.4-6.el7 salt-latest
libsodium.x86_64 1.0.16-1.el7 salt-latest
libsodium-debuginfo.x86_64 1.0.16-1.el7 salt-latest
libsodium-devel.x86_64 1.0.16-1.el7 salt-latest
libsodium-static.x86_64 1.0.16-1.el7 salt-latest
libtomcrypt-debuginfo.x86_64 1.17-23.el7 salt-latest
libtommath-debuginfo.x86_64 0.42.0-4.el7 salt-latest
m2crypto.x86_64 0.28.2-3.el7 salt-latest
m2crypto-debuginfo.x86_64 0.28.2-3.el7 salt-latest
openpgm.x86_64 5.2.122-2.el7 salt-latest
openpgm-debuginfo.x86_64 5.2.122-2.el7 salt-latest
openpgm-devel.x86_64 5.2.122-2.el7 salt-latest
python-cherrypy.noarch 5.6.0-2.el7 salt-latest
python-crypto.x86_64 2.6.1-2.el7 salt-latest
python-crypto-debuginfo.x86_64 2.6.1-2.el7 salt-latest
python-futures.noarch 3.0.3-1.el7 salt-latest
python-ioflo.noarch 1.3.8-1.el7 salt-latest
python-libnacl.noarch 1.4.3-1.el7 salt-latest
python-msgpack.x86_64 0.4.6-1.el7 salt-latest
python-msgpack-debuginfo.x86_64 0.4.6-1.el7 salt-latest
python-psutil.x86_64 2.2.1-1.el7 salt-latest
python-psutil-debuginfo.x86_64 2.2.1-1.el7 salt-latest
python-pycryptodome-debuginfo.x86_64 3.4.3-2.el7 salt-latest
python-raet.noarch 0.6.5-1.el7 salt-latest
python-salttesting.noarch 2015.7.10-1.el6 epel
python-simplejson.x86_64 3.3.3-1.el7 salt-latest
python-simplejson-debuginfo.x86_64 3.3.3-1.el7 salt-latest
python-timelib.noarch 0.2.4-1.el7 salt-latest
python-tornado-debuginfo.x86_64 4.2.1-1.el7 salt-latest
python-zmq.x86_64 15.3.0-2.el7 salt-latest
python-zmq-debuginfo.x86_64 15.3.0-2.el7 salt-latest
python-zmq-tests.x86_64 15.3.0-2.el7 salt-latest
python2-libcloud.noarch 2.0.0-2.el7 salt-latest
python2-pycryptodomex.x86_64 3.4.3-2.el7 salt-latest
python2-typing.noarch 3.5.2.2-3.el7 salt-latest
python3-pycryptodomex.x86_64 3.4.3-2.el7 salt-latest
python34-typing.noarch 3.5.2.2-3.el7 salt-latest
salt.noarch 2018.3.0-1.el7 salt-latest
salt-api.noarch 2018.3.0-1.el7 salt-latest
salt-cloud.noarch 2018.3.0-1.el7 salt-latest
salt-master.noarch 2018.3.0-1.el7 salt-latest
salt-minion.noarch 2018.3.0-1.el7 salt-latest
salt-ssh.noarch 2018.3.0-1.el7 salt-latest
salt-syndic.noarch 2018.3.0-1.el7 salt-latest
zeromq.x86_64 4.1.4-6.el7 salt-latest
zeromq-debuginfo.x86_64 4.1.4-6.el7 salt-latest
zeromq-devel.x86_64 4.1.4-6.el7 salt-latest
#服务端安装
[root@centos-1 ~]# yum install -y salt-master salt-minion
#客户端
[root@centos-2 ~]# yum install -y salt-minion
启动salt相关服务
配置文件
[root@centos-2 ~]# vi /etc/salt/minion
#找到
#master: salt
#把#去掉并修改为master的主机名(本例的master是centos-1,后面grains输出里的master项也是centos-1)
master: centos-1
[root@centos-1 ~]# vi /etc/salt/minion
#找到
#master: salt
#把#去掉并修改为master的主机名(本例的master是centos-1)
master: centos-1
启动服务端
说明:服务端监听4505和4506两个端口,4505为消息发布的端口,4506为和客户端通信的端口。从下面的netstat输出可以看到这两个端口监听在0.0.0.0上,应通过防火墙限制为只有minion所在的网段可以访问,不要暴露到不可信网络。
[root@centos-1 ~]# systemctl start salt-minion
[root@centos-1 ~]# ps aux |grep minion
root 9844 6.3 2.1 307436 21356 ? Ss 14:33 0:00 /usr/bin/python /usr/bin/salt-minion
root 9847 13.2 3.8 461072 38184 ? Sl 14:33 0:01 /usr/bin/python /usr/bin/salt-minion
root 9855 0.0 2.0 400548 20136 ? S 14:33 0:00 /usr/bin/python /usr/bin/salt-minion
root 9871 0.0 0.0 112676 984 pts/0 S+ 14:33 0:00 grep --color=auto minion
[root@centos-1 ~]# systemctl start salt-master
[root@centos-1 ~]# netstat -nvlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 970/sshd
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 11598/python
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1071/master
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 11606/python
tcp6 0 0 :::22 :::* LISTEN 970/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1071/master
启动客户端
[root@centos-2 ~]# systemctl start salt-minion
[root@centos-2 ~]#
[root@centos-2 ~]# ps aux |grep minion
root 2588 3.7 2.1 307436 21356 ? Ss 01:55 0:00 /usr/bin/python /usr/bin/salt-minion
root 2591 103 2.4 403960 24696 ? Rl 01:55 0:13 /usr/bin/python /usr/bin/salt-minion
root 2599 9.6 2.0 400548 20136 ? S 01:55 0:01 /usr/bin/python /usr/bin/salt-minion
root 2601 8.3 0.0 112676 984 pts/1 R+ 01:55 0:00 grep --color=auto minion
saltstack配置认证
•master端和minion端通信需要建立一个安全通道,传输过程需要加密,所以得配置认证,也是通过密钥对来加密解密的
• minion在第一次启动时会在/etc/salt/pki/minion/下生成minion.pem和minion.pub,其中.pub为公钥,它会把公钥传输给master.
master第一次启动时也会在/etc/salt/pki/master下生成密钥对,当master接收到minion传过来的公钥后,通过salt-key工具接受这个公钥,一旦接受后就会在/etc/salt/pki/master/minions/目录里存放刚刚接受的公钥,同时客户端也会接受master传过去的公钥,把它放在/etc/salt/pki/minion目录下,并命名为minion_master.pub
•以上过程需要借助salt-key工具来实现
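• 执行如下命令 salt-key -a centos-2 // -a后面跟主机名,可以认证指定主机。接受之前,建议先在master上用 salt-key -f centos-2 查看待接受公钥的指纹,并与minion上 salt-call --local key.finger 的输出核对一致,确认这个公钥确实来自该minion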
• salt-key -a centos-2
#服务端(master)
[root@centos-1 ~]# ll /etc/salt/pki/master/
总用量 8
-r--------. 1 root root 1678 4月 6 20:50 master.pem
-rw-r--r--. 1 root root 450 4月 6 20:50 master.pub
drwxr-xr-x. 2 root root 6 4月 6 20:50 minions
drwxr-xr-x. 2 root root 6 4月 6 20:50 minions_autosign
drwxr-xr-x. 2 root root 6 4月 6 20:50 minions_denied
drwxr-xr-x. 2 root root 21 4月 6 20:52 minions_pre
drwxr-xr-x. 2 root root 6 4月 6 20:50 minions_rejected
#客户端
[root@centos-2 ~]# ll /etc/salt/pki/minion/
总用量 8
-r--------. 1 root root 1674 3月 19 01:57 minion.pem
-rw-r--r--. 1 root root 450 3月 19 01:57 minion.pub
salt-key命令用法
-a 后面跟主机名,认证指定主机
-A 认证所有主机
-r 跟主机名,拒绝指定主机
-R 拒绝所有主机
-d 跟主机名,删除指定主机认证
-D 删除全部主机认证
-y 省略掉交互,相当于直接按了y
#列出被识别的机器
[root@centos-1 ~]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
centos-1
Rejected Keys:
#允许所有机器(-A -y 会不经确认接受所有待认证的公钥,而任何能连到master的机器都可以提交公钥,生产环境建议用 -a 逐台核对后再接受)
[root@centos-1 ~]# salt-key -A -y
The following keys are going to be accepted:
Unaccepted Keys:
centos-1
Key for minion centos-1 accepted.
[root@centos-1 ~]# salt-key
Accepted Keys:
centos-1
Denied Keys:
Unaccepted Keys:
Rejected Keys:
说明:一直都识别不了centos-2,查看了/var/log/messages
[root@centos-2 ~]# less /var/log/messages
Apr 7 03:39:14 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:40:04 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:40:54 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:41:44 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:42:34 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:43:24 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:44:14 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:45:04 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:45:54 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
Apr 7 03:46:44 centos-2 salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.168.157.132 responding?
#查看防火墙
[root@centos-2 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1108 87536 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
12 2333 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
12 2333 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
12 2333 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
10 2233 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 973 packets, 112K bytes)
pkts bytes target prot opt in out source destination
973 112K OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- ens33 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * ens33 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
12 2333 IN_public all -- ens33 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
12 2333 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
12 2333 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
12 2333 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
1 48 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
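#关闭防火墙(只适合临时排查;minion是主动去连接master的4505/4506端口的,更稳妥的做法是保留firewalld,在master上只放行这两个端口,例如 firewall-cmd --permanent --add-port=4505-4506/tcp 之后执行 firewall-cmd --reload)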
[root@centos-2 ~]# systemctl stop firewalld
#重新允许就ok了
[root@centos-1 ~]# salt-key -a centos-2
The following keys are going to be accepted:
Unaccepted Keys:
centos-2
Proceed? [n/Y] y
Key for minion centos-2 accepted.
saltstack远程执行命令
- salt '*' test.ping //这里的*表示所有已经签名的minion端,也可以指定一个.
所有执行命令都是master上执行的,test.ping是测试对方minion是否能响应master(并不是ICMP ping),显示True表示是互通的.
- salt 'centos-1' test.ping
- salt '*' cmd.run "hostname"
- 说明: 这里的*必须是在master上已经被接受过认证的客户端,可以通过salt-key查到,通常是我们已经设定的id值。关于这部分内容,它支持通配、列表以及正则。
#测试所有机器
[root@centos-1 ~]# salt '*' test.ping
centos-3:
True
centos-2:
True
#测试单个机器
[root@centos-1 ~]# salt 'centos-2' test.ping
centos-2:
True
#cmd.run 可以执行所有系统上所能执行的命令(前面ps的输出显示salt-minion是以root运行的,所以这些命令在每台minion上都是以root身份执行,master本身以及能在master上执行salt命令的账号必须严格保护)
[root@centos-1 ~]# salt '*' cmd.run "hostname"
centos-2:
centos-2
centos-3:
centos-3
[root@centos-1 ~]# salt '*' cmd.run "ls"
centos-2:
anaconda-ks.cfg
centos-3:
anaconda-ks.cfg
[root@centos-1 ~]# salt '*' cmd.run "df -h"
centos-3:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 18G 1.8G 17G 10% /
devtmpfs 478M 0 478M 0% /dev
tmpfs 488M 12K 488M 1% /dev/shm
tmpfs 488M 6.8M 481M 2% /run
tmpfs 488M 0 488M 0% /sys/fs/cgroup
/dev/sda1 1014M 153M 862M 16% /boot
tmpfs 98M 0 98M 0% /run/user/0
centos-2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 18G 1.5G 17G 9% /
devtmpfs 477M 0 477M 0% /dev
tmpfs 488M 12K 488M 1% /dev/shm
tmpfs 488M 6.8M 481M 2% /run
tmpfs 488M 0 488M 0% /sys/fs/cgroup
/dev/sda1 1014M 162M 853M 16% /boot
tmpfs 98M 0 98M 0% /run/user/0
saltstack-grains
- grains是在minion启动时收集的一些信息,比如操作系统类型、网卡ip、内核版本、cpu架构
- salt 'centos-2' grains.ls 列出所有的grains项目名字
- salt 'centos-2' grains.items 列出所有grains项目以及值
- grains的信息并不是动态的,并不会实时变更,它是在minion启动时收集到的。
- 我们可以根据grains收集到的一些信息,做配置管理工作
- grains支持自定义信息。
#grains.ls
[root@centos-1 ~]# salt 'centos-2' grains.ls
centos-2:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_support
- zmqversion
#grains.items
[root@centos-1 ~]# salt 'centos-2' grains.items
centos-2:
----------
SSDs:
biosreleasedate:
05/19/2017
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- invpcid_single
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- mpx
- rdseed
- adx
- smap
- clflushopt
- xsaveopt
- xsavec
- arat
cpu_model:
Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
cpuarch:
x86_64
disks:
- sda
- sr0
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
- 192.168.157.2
ip6_nameservers:
nameservers:
- 192.168.157.2
options:
search:
- localdomain
sortlist:
domain:
fqdn:
centos-2
fqdn_ip4:
- 192.168.157.135
fqdn_ip6:
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
groupname:
root
host:
centos-2
hwaddr_interfaces:
----------
ens33:
00:0c:29:1c:71:04
lo:
00:00:00:00:00:00
id:
centos-2
init:
systemd
ip4_gw:
192.168.157.2
ip4_interfaces:
----------
ens33:
- 192.168.157.135
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens33:
- fe80::c588:134d:8941:6e3c
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens33:
- 192.168.157.135
- fe80::c588:134d:8941:6e3c
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.157.135
ipv6:
- ::1
- fe80::c588:134d:8941:6e3c
kernel:
Linux
kernelrelease:
3.10.0-693.21.1.el7.x86_64
kernelversion:
#1 SMP Wed Mar 7 19:03:37 UTC 2018
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
zh_CN
detectedencoding:
UTF-8
localhost:
centos-2
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
c5cc98f55ea445fe93d4e301a7b25be5
manufacturer:
VMware, Inc.
master:
centos-1
mdadm:
mem_total:
975
nodename:
centos-2
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.4.1708
osrelease_info:
- 7
- 4
- 1708
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
1670
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2018.3.0
saltversioninfo:
- 2018
- 3
- 0
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d 75 76 c1 c5 0e 26-13 ba d3 96 19 1c 71 04
server_id:
1706614909
shell:
/bin/sh
swap_total:
1023
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
76754d56-c5c1-260e-13ba-d396191c7104
virtual:
VMware
zfs_support:
False
zmqversion:
4.1.4
saltstack – 自定义grains
- minion上添加自定义grains
- 在minion上添加自定义grains 之后就可以在master上获取grains
#定义grains
[root@centos-2 ~]# vim /etc/salt/grains
role: nginx
env: test
说明:/etc/salt/grains 文件默认是不存在的,需要自己创建,里面的内容也是自定义的.
冒号前面是key,后面的是value
#重启服务
[root@centos-2 ~]# systemctl restart salt-minion
#在master上获取grains
[root@centos-1 ~]# salt '*' grains.item role env
centos-2:
----------
env:
test
role:
nginx
centos-3:
----------
env:
role:
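#根据定义的grains对这台机器做一些操作,也可以说是一种匹配手段.
也可以根据定义的grains对服务器分组,然后可以对某组机器做一些操作.
注意:grains是由minion自己上报的,minion上的root可以随意修改,所以不要只凭grains来决定把敏感数据(例如pillar里的密码)发给哪些机器,这种场景应按minion id来匹配.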
[root@centos-1 ~]# salt -G role:nginx cmd.run 'hostname'
centos-2:
centos-2
saltstack-pillar
-
pillar和grains不一样,是在master上定义的,并且是针对minion定义的一些信息。像一些比较重要的数据(密码)可以存在pillar里,还可以定义变量等。pillar只会下发给top.sls里匹配到的minion,所以存放密码时要确认匹配范围不要过宽(比如不要放在'*'下面),master上的pillar目录也应限制为仅root可读。
-
当更改完pillar配置文件后,我们可以通过刷新pillar配置来获取新的pillar状态,salt '*' saltutil.refresh_pillar
[root@centos-1 ~]# vim /etc/salt/master
#pillar_roots:
#base:
#- /srv/pillar
说明:找到pillar roots 把#去掉以及下面的两行
#重启master服务
[root@centos-1 ~]# systemctl restart salt-master
#创建pillar 定义的目录
[root@centos-1 ~]# mkdir /srv/pillar
#进入目录,创建一个定义key 和value的文件
[root@centos-1 ~]# cd /srv/pillar
[root@centos-1 ~]# vim test.sls
conf: /etc/123.conf
说明: conf是一个key,/etc/123.conf是value
#创建一个总入口文件
[root@centos-1 pillar]# vim top.sls
base:
'centos-2': # 指定机器
- test # 表示要加载哪个配置文件
#如果要加载多个配置文件
[root@centos-1 pillar]# vim top.sls
base:
'centos-2': # 指定机器
- test # 表示要加载哪个配置文件
- test1
#创建一个test1配置文件(可以是定义目录)
[root@centos-1 pillar]# vim test1.sls
dir: /data/123
#刷新pillar 配置文件
[root@centos-1 pillar]# salt '*' saltutil.refresh_pillar
centos-3:
True
centos-2:
True
#验证
[root@centos-1 pillar]# salt '*' pillar.item conf dir
centos-2:
----------
conf:
/etc/123.conf
dir:
/data/123
centos-3:
----------
conf:
dir:
#pillar同样可以用来作为salt的匹配对象。比如 salt -I 'conf:/etc/123.conf' test.ping
[root@centos-1 pillar]# salt -I 'conf:/etc/123.conf' cmd.run 'who'
centos-2:
root tty1 Apr 7 11:24
root pts/0 Apr 7 11:27 (192.168.157.1)
saltstack – 安装配置httpd
[root@centos-1 ~]# vim /etc/salt/master
#找到file_roots,把#去掉以及下面两行
file_roots:
base:
- /srv/salt/
#创建定义的目录 &进入目录
[root@centos-1 ~]# mkdir /srv/salt
[root@centos-1 ~]# cd /srv/salt
#定义总入口文件
[root@centos-1 salt]# vim top.sls
base:
'*':
- httpd
[root@centos-1 salt]# vim httpd.sls
httpd-service:
pkg.installed:
- names:
- httpd
- httpd-devel
service.running:
- name: httpd
- enable: True
说明: httpd-service是id的名字,自定义的pkg.installed 为包安装函数,是saltstack内置的一个模块,下面是要安装的包的名字。service.running也是一个函数,来保证指定的服务启动,enable表示开机启动
#执行过程会比较慢,因为客户端上在yum install httpd httpd-devel
[root@centos-1 salt]# salt 'centos-2' state.highstate
centos-2:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 17:23:33.490916
Duration: 48908.134 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-67.el7.centos.6
old:
httpd-tools:
----------
new:
2.4.6-67.el7.centos.6
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 17:24:22.459399
Duration: 6797.93 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-21.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-21.el7
old:
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-67.el7.centos.6
old:
libdb-devel:
----------
new:
5.3.21-21.el7_4
old:
openldap-devel:
----------
new:
2.4.44-5.el7
old:
----------
ID: httpd-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 17:24:30.128553
Duration: 274.79 ms
Changes:
----------
httpd:
True
Summary for centos-2
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 55.981 s
#centos-2 机器上可以看到httpd服务已经起来了
[root@centos-2 ~]# ps aux |grep httpd
root 3523 0.0 0.4 221948 4964 ? Ss 17:24 0:00 /usr/sbin/httpd -DFOREGROUND
apache 3524 0.0 0.2 221948 2960 ? S 17:24 0:00 /usr/sbin/httpd -DFOREGROUND
apache 3525 0.0 0.2 221948 2960 ? S 17:24 0:00 /usr/sbin/httpd -DFOREGROUND
apache 3526 0.0 0.2 221948 2960 ? S 17:24 0:00 /usr/sbin/httpd -DFOREGROUND
apache 3527 0.0 0.2 221948 2960 ? S 17:24 0:00 /usr/sbin/httpd -DFOREGROUND
apache 3528 0.0 0.2 221948 2960 ? S 17:24 0:00 /usr/sbin/httpd -DFOREGROUND
root 3661 0.0 0.0 112676 984 pts/0 R+ 17:27 0:00 grep --color=auto httpd
#并且有httpd.service这个文件,那么有这个文件的话就可以把httpd这个服务启动起来
[root@centos-2 ~]# ls /lib/systemd/system/httpd.service
/lib/systemd/system/httpd.service
saltstack – 配置管理文件
- 配置管理文件,就是在master端上弄一个文件或多个,也可以说作为一个模板,从这个模板分发到每个minion端。 比如在实际运维工作中,我要修改某个文件,针对某个组机器,那么就可以先把已修改好的配置文件模板放到master上,再通知minion端,要做哪些操作.
-
说明:第一行的file_test为自定的名字,表示该配置段的名字,可以在别的配置段中引用它,source指定文件从哪里拷贝,这里的salt://test/123/1.txt相当于是/srv/salt/test/123/1.txt
在master上配置
[root@centos-1 ~]# vim /srv/salt/test.sls
file_test:
file.managed:
- name: /tmp/www
- source: salt://test/123/1.txt
- user: root
- group: root
- mode: 600
#创建test 以及123目录
[root@centos-1 ~]# cd /srv/salt/
[root@centos-1 salt]# ls
httpd.sls test.sls top.sls
[root@centos-1 salt]# mkdir test
[root@centos-1 salt]# mkdir test/123
#拷贝一个文件内容(这里拷贝/etc/passwd只是演示;file_roots下的文件,已被接受的minion都可以通过salt://取到,不要把含有敏感信息的文件放在这里)
[root@centos-1 salt]# cp /etc/passwd test/123/1.txt
#修改总入口文件,因为引用的是test文件
[root@centos-1 salt]# vim top.sls
base:
'*':
- test
#先对centos-2做实验
[root@centos-1 salt]# salt 'centos-2' state.highstate
centos-2:
----------
ID: file_test
Function: file.managed
Name: /tmp/www
Result: True
Comment: File /tmp/www updated
Started: 17:54:30.430831
Duration: 187.966 ms
Changes:
----------
diff:
New file
Summary for centos-2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 187.966 ms
#可以看到centos-2 /tmp/是有www这个文件,并且属主和属组是root & 权限是600
[root@centos-2 ~]# ls -lt /tmp/www
-rw------- 1 root root 1040 4月 7 17:54 /tmp/www
#内容和拷贝的是一样的
[root@centos-1 salt]# cat test/123/1.txt
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:997:995:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
[root@centos-2 ~]# cat !$
cat /tmp/www
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:997:995:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
saltstack – 配置管理目录
[root@centos-1 salt]# pwd
/srv/salt
[root@centos-1 salt]# vim test_dir.sls
file_dir:
file.recurse:
- name: /tmp/testdir # 目标路径
- source: salt://test/123 # 源路径
- user: root
- file_mode: 640
- dir_mode: 750
- mkdir: True
- clean: True # 加上它之后,源删除文件或目录,目标也会跟着删除,否则不会删除(目标目录里不在源中的其他文件也会被删除,不要把name指向还有其他内容的目录)
#配置总入口文件
[root@centos-1 salt]# vim top.sls
base:
'*':
- test
- test_dir
#执行
[root@centos-1 salt]# salt 'centos-2' state.highstate
centos-2:
----------
ID: file_test
Function: file.managed
Name: /tmp/www
Result: True
Comment: File /tmp/www is in the correct state
Started: 18:26:54.201975
Duration: 139.178 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 18:26:54.341386
Duration: 169.995 ms
Changes:
----------
/tmp/testdir/1.txt:
----------
diff:
New file
mode:
0640
Summary for centos-2
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 309.173 ms
#可以看到centos-2 tmp目录下创建了testdir目录,以及1.txt文件
[root@centos-2 ~]# ls -lt /tmp/testdir
总用量 4
-rw-r----- 1 root root 1040 4月 7 18:26 1.txt
注意:如果source对应的目录里有空目录的话,客户端上默认不会创建该目录;如果需要创建空目录,可以在file.recurse里加上 - include_empty: True
saltstack – 配置管理远程命令
在master 上
#子配置文件
[root@centos-1 salt]# vi shell_test.sls
shell_test:
cmd.script:
- source: salt://test/1.sh
- user: root
#创建一个脚本,脚本的作用是touch一个文件
[root@centos-1 salt]# ls
httpd.sls shell_test.sls test test_dir.sls test.sls top.sls
[root@centos-1 salt]# vim test/1.sh
#!/bin/bash
# Demo payload for the cmd.script state: leaves a marker file and a marker
# directory under /tmp on the minion so the run can be verified afterwards.
# NOTE(review): the state that ships this script sets "user: root", so it
# runs as root against fixed names in a world-writable directory. That is
# acceptable for a demonstration only; a real script should write to a
# root-owned location instead of /tmp.
touch /tmp/111.txt
# Create the directory only when it is not already present.
[ -d /tmp/1233 ] || mkdir /tmp/1233
#修改总入口文件,指定执行文件
[root@centos-1 salt]# vim top.sls
base:
'*':
- shell_test
#执行
[root@centos-1 salt]# salt 'centos-2' state.highstate
centos-2:
----------
ID: shell_test
Function: cmd.script
Result: True
Comment: Command 'shell_test' run
Started: 18:50:48.348033
Duration: 154.499 ms
Changes:
----------
pid:
4136
retcode:
0
stderr:
stdout:
Summary for centos-2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 154.499 ms
#可以看到centos-2 tmp目录下有111.txt 以及1233目录,所以执行脚本是成功的
[root@centos-2 ~]# ls -lt /tmp/
总用量 4
drwxr-xr-x 2 root root 6 4月 7 18:50 1233
-rw-r--r-- 1 root root 0 4月 7 18:50 111.txt
drwxr-x--- 2 root root 18 4月 7 18:26 testdir
-rw------- 1 root root 1040 4月 7 17:54 www
saltstack – 配置管理任务计划
说明:*需要用单引号引起来。当然我们还可以使用file.managed模块来管理cron,因为系统的cron都是以配置文件的形式存在的。想要删除该cron,需要增加:
cron.absent:
- name: /bin/touch /tmp/111.txt
两者不能共存,要想删除一个cron,那之前的present就得去掉。
#子配置文件
[root@centos-1 salt]# vim cron_test.sls
cron_test:
cron.present:
- name: /bin/touch /tmp/111.txt
- user: root
- minute: '*'
- hour: 20
- daymonth: '*'
- month: '*'
- dayweek: '*'
#修改总入口文件
[root@centos-1 salt]# vim top.sls
base:
'*':
- cron_test
#执行
[root@centos-1 salt]# salt 'centos-2' state.highstate
centos-2:
----------
ID: cron_test
Function: cron.present
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
Started: 19:04:15.954182
Duration: 1240.856 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary for centos-2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 1.241 s
#在centos-2 可以看到crontab 有定时任务
[root@centos-2 ~]# crontab -l
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 * * * /bin/touch /tmp/111.txt
#删除一个crontab
[root@centos-1 salt]# vim cron_test.sls
cron_test:
cron.absent:
- name: /bin/touch /tmp/111.txt
#执行
[root@centos-1 salt]# salt 'centos-2' state.highstate
centos-2:
----------
ID: cron_test
Function: cron.absent
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt removed from root's crontab
Started: 19:27:02.423241
Duration: 534.817 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary for centos-2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 534.817 ms
#可以看到centos-2里面就没有定时任务了
[root@centos-2 ~]# crontab -l
# Lines below here are managed by Salt, do not edit
saltstack – 配置管理任务计划
- cp.get_file 拷贝master上的文件到客户端
[root@centos-1 salt]# salt '*' cp.get_file salt://test/1.txt /tmp/123.txt
centos-2:
/tmp/123.txt
centos-3:
/tmp/123.txt
#centos-2就有刚刚拷贝的
[root@centos-2 ~]# ll /tmp/123.txt
-rw-r--r-- 1 root root 1040 4月 7 19:32 /tmp/123.txt
- cp.get_dir 拷贝目录
[root@centos-1 salt]# salt '*' cp.get_dir salt://test/123 /tmp/
centos-2:
- /tmp//123/1.txt
centos-3:
- /tmp//123/1.txt
#centos-2 上就有123目录
[root@centos-2 ~]# ls -ld /tmp/123
drwxr-xr-x 2 root root 18 4月 7 19:35 /tmp/123
- salt-run manage.up 显示存活的minion
[root@centos-1 salt]# salt-run manage.up
- centos-2
- centos-3
- 命令行下执行master上的shell脚本
[root@centos-1 salt]# salt '*' cmd.script salt://test/1.sh
centos-3:
----------
pid:
3485
retcode:
0
stderr:
stdout:
centos-2:
----------
pid:
4686
retcode:
0
stderr:
stdout:
salt-ssh使用
- salt-ssh 不需要在对方机器上安装minion,也不需要启动额外的服务,直接通过SSH到对方机器上执行操作;前提是本机的公钥已经放到对方机器上(或者在roster里提供登录密码),类似于普通的ssh登录
#安装rpm,如果安装过就不需要安装
[root@centos-1 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
#yum 安装salt-ssh
[root@centos-1 ~]# yum install -y salt-ssh
- /etc/salt/roster 是salt-ssh需要的配置文件,用来定义目标主机的名称以及host、user、passwd等登录信息。passwd在文件里是明文保存的,所以该文件应当只允许root读取,公钥推送成功后就把passwd删掉(见后文)
[root@centos-1 ~]# vim /etc/salt/roster
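# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2

# Nesting restored below; it was lost in the paste.
# NOTE(review): passwd is stored here in plaintext and is only needed until
# --key-deploy has installed the public key; remove it afterwards and keep
# this file readable by root only.
centos-1:
  host: 192.168.157.132
  user: root
  passwd: 123456
centos-2:
  host: 192.168.157.135
  user: root
  passwd: 123456
# NOTE(review): the entry below is reproduced as on the page, with no space
# after the colons, so YAML does not read it as key/value pairs. This matches
# the "Could not resolve hostname host:192.168.157.134" error in the first
# run; the intended form is "host: 192.168.157.134" and so on.
centos-3:
  host:192.168.157.134
  user:root
  passwd:123456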
#执行
[root@centos-1 ~]# salt-ssh --key-deploy '*' -r 'w'
centos-2:
----------
retcode:
254
stderr:
stdout:
The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
The authenticity of host '192.168.157.135 (192.168.157.135)' can't be established.
ECDSA key fingerprint is SHA256:SnG/YnIn6N2uaLYfpQpk8dm6NlqQ0yWLddg49wC1SjI.
ECDSA key fingerprint is MD5:f8:35:a3:74:91:17:7f:00:05:06:1a:71:3a:e3:f4:4a.
Are you sure you want to continue connecting (yes/no)?
centos-1:
----------
retcode:
254
stderr:
stdout:
The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
The authenticity of host '192.168.157.132 (192.168.157.132)' can't be established.
ECDSA key fingerprint is SHA256:SnG/YnIn6N2uaLYfpQpk8dm6NlqQ0yWLddg49wC1SjI.
ECDSA key fingerprint is MD5:f8:35:a3:74:91:17:7f:00:05:06:1a:71:3a:e3:f4:4a.
Are you sure you want to continue connecting (yes/no)?
centos-3:
ssh: Could not resolve hostname host:192.168.157.134: Temporary failure in name resolution
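说明:可以看到执行是不成功的。centos-1、centos-2 是因为第一次登录时需要确认对方的主机密钥(输入yes),手动登录确认一遍就可以了;输入yes之前应核对提示的指纹与目标机器实际的主机密钥一致,而输出里提到的 -i 参数会自动接受、跳过这一步核对。另外这两台机器的ECDSA指纹完全相同,通常说明虚拟机是克隆出来的、共用了同一套主机密钥,正式环境应为每台机器重新生成。centos-3 的报错则是因为roster里该条目的冒号后面少了空格(host:192.168.157.134),没有被解析成键值对。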
#重新执行,就可以看到w命令执行的结果
[root@centos-1 ~]# salt-ssh --key-deploy '*' -r 'w'
centos-1:
----------
retcode:
0
stderr:
stdout:
20:07:52 up 8:44, 3 users, load average: 0.03, 0.10, 0.19
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 11:24 8:42m 0.30s 0.30s -bash
root pts/0 192.168.157.1 11:27 8.00s 0.70s 0.01s ssh centos-1
root pts/1 centos-1 20:07 8.00s 0.86s 0.09s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
centos-3:
----------
retcode:
0
stderr:
stdout:
root@192.168.157.134's password:
20:07:53 up 8:44, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 11:25 8:42m 0.03s 0.03s -bash
root pts/0 192.168.157.1 11:27 7:51m 0.04s 0.03s bash
centos-2:
----------
retcode:
0
stderr:
stdout:
20:07:53 up 8:44, 2 users, load average: 0.27, 0.10, 0.07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 11:24 8:43m 0.36s 0.36s -bash
root pts/0 192.168.157.1 11:27 31:45 0.09s 0.09s -bash
#把密码删除掉, 再执行也可以,说明已经把公钥推送过去了
[root@centos-1 ~]# vim /etc/salt/roster
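# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2

# Nesting restored below; it was lost in the paste.
# No passwd entries: salt-ssh uses key authentication, which works here
# because the earlier --key-deploy run installed the public key.
# NOTE(review): every target logs in directly as root; a dedicated user with
# "sudo: True" (see the sample above) would avoid permitting root SSH logins.
centos-1:
  host: 192.168.157.132
  user: root
centos-2:
  host: 192.168.157.135
  user: root
centos-3:
  host: 192.168.157.134
  user: root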
[root@centos-1 ~]# salt-ssh --key-deploy '*' -r 'w'
centos-2:
----------
retcode:
0
stderr:
stdout:
20:13:10 up 8:49, 2 users, load average: 0.00, 0.04, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 11:24 8:48m 0.36s 0.36s -bash
root pts/0 192.168.157.1 11:27 2:30 0.10s 0.10s -bash
centos-1:
----------
retcode:
0
stderr:
stdout:
20:13:10 up 8:49, 2 users, load average: 0.14, 0.09, 0.15
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 11:24 8:48m 0.30s 0.30s -bash
root pts/0 192.168.157.1 11:27 6.00s 1.18s 0.01s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
centos-3:
----------
retcode:
0
stderr:
stdout:
20:13:10 up 8:49, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 11:25 8:48m 0.03s 0.03s -bash
root pts/0 192.168.157.1 11:27 3:18 0.10s 0.09s bash