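SaltStack basic principles and basic configuration (official site: https://docs.saltstack.com/en/latest/)
Description: Salt is an infrastructure management tool for heterogeneous platforms (although we usually use it only on Linux). It uses the lightweight ZMQ messaging layer, is a batch management tool written in Python, is fully open source under the Apache 2 license, and is similar in function to Puppet and Chef. It has a powerful remote command execution engine and a powerful configuration management system, usually called the Salt State System.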
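Basic principles:
SaltStack uses a client/server (C/S) model: the server side is the Salt master and the client side is the minion. The minion and master communicate through the ZeroMQ message queue.
When a minion comes online it first contacts the master and sends over its public key. At that point the minion's key shows up on the master in the output of salt-key -L. Once that minion key is accepted, the master and the minion trust each other.
The master can then send any instruction for the minion to execute. Salt has many execution modules, such as the cmd module, which are already included when the minion is installed. They are usually located in your Python library; running locate salt | grep /usr/ shows everything that ships with Salt.
These modules are files written in Python that contain many functions, such as cmd.run. When we run salt '*' cmd.run 'uptime', the master dispatches the job to the matching minions, and the minions execute the module function and return the result. The master listens on ports 4505 and 4506: 4505 corresponds to the ZMQ PUB system, used to send messages, and 4506 corresponds to the REP system, used to receive messages.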
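The detailed steps are as follows:
Salt's master and minions pass messages through ZeroMQ, using ZeroMQ's publish-subscribe pattern; the connection types include tcp and ipc.
The salt command publishes the command cmd.run ls to the master from salt.client.LocalClient.cmd_cli and obtains a jobid; the result of the command is retrieved by that jobid. After receiving the command, the master sends the command to be executed to the minion clients.
The minion receives the command to process from the message bus and hands it to minion._handle_aes.
minion._handle_aes starts a local thread that calls cmdmod to execute the ls command. After the thread has executed ls, it calls the minion._return_pub method, which returns the result to the master over the message bus.
The master receives the result returned by the client and calls the master._handle_aes method, which writes the result to a file.
salt.client.LocalClient.cmd_cli obtains the job result by polling and prints it to the terminal.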
SaltStack tutorial (1): installation, simple configuration and usage
There are two nodes here (CentOS 7):
salt-master.2018.com 192.168.91.134
salt-minion.2018.com 192.168.91.133
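Two additional virtual machines are started on the back end.
First install the EPEL repository on both nodes, to make installing Salt over the network easier.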
[root@salt-master ~]# rpm -ivh http://mirrors.ustc.edu.cn/centos/7/extras/x86_64/Packages/epel-release-7-11.noarch.rpm
Operations on the (master) node
hostname salt-master.2018.com
bash
[root@salt-master ~]# cat /etc/hosts
192.168.91.134 salt-master.2018.com
192.168.91.133 salt-minion.2018.com
[root@salt-master ~]# yum -y install salt salt-master salt-minion
[root@salt-master ~]# egrep -v '^#|^$' /etc/salt/minion
master: 192.168.91.134
[root@salt-master ~]# systemctl start salt-minion
[root@salt-master ~]# systemctl restart salt-master (start the master first, otherwise the clients will not show up in salt-key)
Operations on the (minion) node
hostname salt-minion.2018.com
bash
[root@salt-minion ~]# cat /etc/hosts
192.168.91.134 salt-master.2018.com
192.168.91.133 salt-minion.2018.com
[root@salt-minion ~]# yum -y install salt salt-minion
[root@salt-minion ~]# egrep -v "^#|^$" /etc/salt/minion
master: 192.168.91.134
[root@salt-minion ~]# systemctl start salt-minion
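Authentication: operations on the (master) node
View the keys received by salt-master, namely "192.168.91.134" and "192.168.91.134"; through these keys the master
salt-key -L             list the current keys
-A                      accept all keys from clients
--accept=example.com    accept the specified key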
[root@salt-master master]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-master.2018.com
salt-minion.2018.com
Rejected Keys:
[root@salt-master master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt-master.2018.com
salt-minion.2018.com
Proceed? [n/Y] Y
Key for minion salt-master.2018.com accepted.
Key for minion salt-minion.2018.com accepted.
[root@salt-master master]# tree
.
├── master.pem
├── master.pub
├── minions
│   ├── salt-master.2018.com
│   └── salt-minion.2018.com
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
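An added example, not part of the original article: salt-key -A accepts every pending key without looking at it, so the code below compares each key waiting in minions_pre against a fingerprint recorded on the minion itself (for example with salt-call --local key.finger) and lists only the matches as safe to accept one by one with salt-key -a. The function names, the sample keys and the ID unknown.example are constructed for illustration, and the fingerprint layout is assumed to match what salt-key -F prints with sha256.

```python
import hashlib
import tempfile
from pathlib import Path


def pem_fingerprint(pem_bytes, hash_name="sha256"):
    # Digest of the PEM body without its BEGIN/END lines, as colon-separated
    # hex pairs. Assumption: same layout as `salt-key -F` output; confirm on
    # your Salt version and its hash_type setting.
    lines = [ln for ln in pem_bytes.splitlines(keepends=True) if ln.strip()]
    digest = hashlib.new(hash_name, b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def review_pending(pending_dir, expected):
    # expected: minion ID -> fingerprint recorded on the minion itself.
    # Unknown IDs and mismatches are held for review, never accepted.
    accept, hold = [], []
    for key_file in sorted(Path(pending_dir).iterdir()):
        if not key_file.is_file():
            continue
        actual = pem_fingerprint(key_file.read_bytes())
        known = expected.get(key_file.name, "").lower()
        if known and known == actual:
            accept.append(key_file.name)
        else:
            hold.append((key_file.name, actual))
    return accept, hold


def fake_pem(body):
    # Constructed sample data, not a real key.
    return b"-----BEGIN PUBLIC KEY-----\n" + body + b"\n-----END PUBLIC KEY-----\n"


def demo():
    minion, master, other = fake_pem(b"QUFB"), fake_pem(b"QkJC"), fake_pem(b"Q0ND")
    expected = {"salt-minion.2018.com": pem_fingerprint(minion),
                "salt-master.2018.com": pem_fingerprint(master)}
    with tempfile.TemporaryDirectory() as tmp:
        pre = Path(tmp)  # stands in for the master's minions_pre directory
        (pre / "salt-minion.2018.com").write_bytes(minion)
        (pre / "salt-master.2018.com").write_bytes(other)  # key differs from record
        (pre / "unknown.example").write_bytes(other)       # ID nobody registered
        return review_pending(pre, expected)


if __name__ == "__main__":
    print(demo())
```

Each ID in the first list can be accepted with salt-key -a <id>; anything in the second list should be checked against the minion before it is accepted or rejected.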
Batch management, using ordinary commands:
[root@salt-master master]# salt '*' network.ip_addrs
salt-minion.2018.com:
- 192.168.91.133
salt-master.2018.com:
- 192.168.91.134
[root@salt-master master]# salt '*' cmd.run 'ls -l'
salt-minion.2018.com:
total 4
-rw-------. 1 root root 1264 Jun 8 07:42 anaconda-ks.cfg
salt-master.2018.com:
total 4
-rw-------. 1 root root 1264 Jun 28 2018 anaconda-ks.cfg
[root@salt-master master]# salt '*' cmd.run 'df -hT'
salt-minion.2018.com:
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/cl-root xfs 18G 1.2G 17G 7% /
devtmpfs devtmpfs 100M 0 100M 0% /dev
tmpfs tmpfs 111M 12K 111M 1% /dev/shm
tmpfs tmpfs 111M 4.6M 106M 5% /run
tmpfs tmpfs 111M 0 111M 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 139M 876M 14% /boot
tmpfs tmpfs 23M 0 23M 0% /run/user/0
salt-master.2018.com:
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/cl-root xfs 18G 1.2G 17G 7% /
devtmpfs devtmpfs 100M 0 100M 0% /dev
tmpfs tmpfs 111M 16K 111M 1% /dev/shm
tmpfs tmpfs 111M 4.6M 106M 5% /run
tmpfs tmpfs 111M 0 111M 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 139M 876M 14% /boot
tmpfs tmpfs 23M 0 23M 0% /run/user/0
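Install Apache as a test (on the master):
[root@salt-master ~]# vi /etc/salt/master # find these three lines in the file and uncomment them
file_roots:
  base:
    - /srv/salt/
[root@salt-master ~]# systemctl restart salt-master # remember to restart after changing the configuration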
[root@salt-master ~]# ll /srv/
total 0
[root@salt-master ~]# mkdir /srv/salt # create the directory
[root@salt-master ~]# cat /srv/salt/apache.sls
apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
[root@salt-master salt]# cd /srv/salt
[root@salt-master salt]# salt '*' state.sls apache # run the Apache installation <=============================================
salt-minion.2018.com:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 09:22:05.968332
Duration: 77592.603 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-80.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-80.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 09:23:23.624525
Duration: 57810.569 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-20.el7_2
expat:
----------
new:
2.1.0-10.el7_3
old:
2.1.0-8.el7
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-80.el7.centos
old:
libdb:
----------
new:
5.3.21-24.el7
old:
5.3.21-19.el7
libdb-devel:
----------
new:
5.3.21-24.el7
old:
libdb-utils:
----------
new:
5.3.21-24.el7
old:
5.3.21-19.el7
openldap:
----------
new:
2.4.44-15.el7_5
old:
2.4.40-13.el7
openldap-devel:
----------
new:
2.4.44-15.el7_5
old:
perl:
----------
new:
4:5.16.3-292.el7
old:
perl-Carp:
----------
new:
1.26-244.el7
old:
perl-Encode:
----------
new:
2.51-7.el7
old:
perl-Exporter:
----------
new:
5.68-3.el7
old:
perl-File-Path:
----------
new:
2.09-2.el7
old:
perl-File-Temp:
----------
new:
0.23.01-3.el7
old:
perl-Filter:
----------
new:
1.49-3.el7
old:
perl-Getopt-Long:
----------
new:
2.40-3.el7
old:
perl-HTTP-Tiny:
----------
new:
0.033-3.el7
old:
perl-PathTools:
----------
new:
3.40-5.el7
old:
perl-Pod-Escapes:
----------
new:
1:1.04-292.el7
old:
perl-Pod-Perldoc:
----------
new:
3.20-4.el7
old:
perl-Pod-Simple:
----------
new:
1:3.28-4.el7
old:
perl-Pod-Usage:
----------
new:
1.63-3.el7
old:
perl-Scalar-List-Utils:
----------
new:
1.27-248.el7
old:
perl-Socket:
----------
new:
2.010-4.el7
old:
perl-Storable:
----------
new:
2.45-3.el7
old:
perl-Text-ParseWords:
----------
new:
3.29-4.el7
old:
perl-Time-HiRes:
----------
new:
4:1.9725-3.el7
old:
perl-Time-Local:
----------
new:
1.2300-2.el7
old:
perl-constant:
----------
new:
1.27-2.el7
old:
perl-libs:
----------
new:
4:5.16.3-292.el7
old:
perl-macros:
----------
new:
4:5.16.3-292.el7
old:
perl-parent:
----------
new:
1:0.225-244.el7
old:
perl-podlators:
----------
new:
2.5.1-3.el7
old:
perl-threads:
----------
new:
1.87-4.el7
old:
perl-threads-shared:
----------
new:
1.43-6.el7
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 09:24:21.744213
Duration: 1251.942 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt '*' state.highstate # advanced command <===================================================
salt-master.2018.com:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 09:57:11.349875
Duration: 4448.496 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: Package httpd-devel is already installed.
Started: 09:57:15.813243
Duration: 5.4 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 09:57:15.841438
Duration: 1133.422 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
salt-minion.2018.com:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 09:57:19.216583
Duration: 3065.988 ms
Changes:
----------
ID: apache-install
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: Package httpd-devel is already installed.
Started: 09:57:22.282969
Duration: 0.477 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 09:57:22.288283
Duration: 417.697 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Check on the client (on the minion):
[root@salt-minion ~]# ps aux | grep yum
root 3839 31.0 54.6 991580 123448 ? D 09:22 0:04 /usr/bin/python /usr/bin/yum --quiet check-update # updating the system
root 3876 6.0 0.0 112648 112 pts/0 D+ 09:22 0:00 grep --color=auto yum
[root@salt-minion ~]# ps aux | grep yum
root 4010 10.6 10.9 821284 24628 ? Sl 09:23 0:00 /usr/bin/python /usr/bin/yum -y install httpd-devel # after the update finishes, httpd is installed
Finally, confirm that httpd started successfully:
[root@salt-minion ~]# netstat -tunlp | grep httpd
tcp6 0 0 :::80
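Some of this content I wrote myself and some is copied from the web. Whether written or copied, an article that helps everyone is a good article!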