saltstack
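1. Introduction to SaltStack
SaltStack is a configuration management system that keeps remote nodes in a predefined state.
SaltStack is a distributed remote execution system used to run commands and query data on remote nodes.
SaltStack is a powerful tool that helps operations staff work more efficiently and standardize service configuration and operations.
Core features of Salt
Commands are sent to remote systems in parallel rather than serially
Uses a secure, encrypted protocol
Uses the smallest and fastest network payloads
Provides a simple programming interface
Salt also introduces finer-grained domain control for remote execution, so that systems can be targeted not only by hostname but also by system properties.
SaltStack uses a client/server (C/S) model made up of a master and minions. The master is the server side and is a single server; the minions are the client side and are multiple servers. Commands are sent from the master to the minions that match the targeting conditions, and those minions execute them. The master and the minions communicate through ZeroMQ (a message queue).
By default the SaltStack master listens on ports 4505 and 4506: 4505 is the port for authentication communication between the master and the minions, and 4506 is the port the master uses to send commands or receive the results of commands executed by the minions.
When a client starts, it actively connects to the master to register and then keeps that TCP connection open; the master controls the client over this TCP connection. If the connection is broken, the master can no longer control the client. However, once the client detects that the connection has been broken, it periodically asks the master to register the connection again.
Master: the control center, where salt commands are run and resource states are managed
Minions: the client machines to be managed; they actively connect to the master, obtain resource states from it, and synchronize resource management information
2. Installing and configuring SaltStack
Set up the official yum repository: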
[root@server2 yum.repos.d]# yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm # the Aliyun mirror is used here because it is faster
[root@server2 yum.repos.d]# ls
redhat.repo salt-latest.repo yum.repo
[root@server2 yum.repos.d]# cat salt-latest.repo
[salt-latest]
name=SaltStack Latest Release Channel for RHEL/Centos $releasever
baseurl=https://repo.saltstack.com/yum/redhat/7/$basearch/latest
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key
[root@server2 ~]# yum list salt-master # the current version is 3000.3
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Available Packages
salt-master.noarch 3000.3-1.el7 salt-latest
[root@server2 ~]# yum install salt-master -y # install salt-master on the server2 node
[root@server3 ~]# cd /etc/yum.repos.d/
[root@server3 yum.repos.d]# yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@server3 yum.repos.d]# yum install -y salt-minion
[root@server4 ~]# cd /etc/yum.repos.d/
[root@server4 yum.repos.d]# yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@server4 yum.repos.d]# yum install -y salt-minion
[root@server2 ~]# systemctl start salt-master
[root@server2 ~]# systemctl enable salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[root@server2 ~]# netstat -antlpe # ports 4505 and 4506 are open
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 0 56239 23516/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 0 56562 23522/python
[root@server2 ~]# yum install python-setproctitle.x86_64 -y # makes the processes show more information
[root@server2 ~]# systemctl restart salt-master
[root@server3 yum.repos.d]# cd /etc/salt/
[root@server3 salt]# vim minion
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: 172.25.60.2 # set the IP of the master node
[root@server3 salt]# systemctl start salt-minion
[root@server3 salt]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
[root@server2 ~]# yum install -y lsof
[root@server2 ~]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 24943 root 15u IPv4 60078 0t0 TCP *:4505 (LISTEN)
[root@server2 ~]# lsof -i :4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 24949 root 23u IPv4 61114 0t0 TCP *:4506 (LISTEN)
/usr/bin/ 24949 root 30u IPv4 64650 0t0 TCP server2:4506->server3:32884 (ESTABLISHED)
[root@server2 ~]# salt-key -L # server3 cannot connect yet
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server3
Rejected Keys:
[root@server2 ~]# salt-key -A # allow all connections
The following keys are going to be accepted:
Unaccepted Keys:
server3
Proceed? [n/Y] Y
Key for minion server3 accepted.
[root@server2 ~]# salt-key -L # server3 can connect now
Accepted Keys:
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server2 ~]# lsof -i :4505 # connected normally
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 24943 root 15u IPv4 60078 0t0 TCP *:4505 (LISTEN)
/usr/bin/ 24943 root 17u IPv4 64960 0t0 TCP server2:4505->server3:40078 (ESTABLISHED)
[root@server2 master]# pwd
/etc/salt/pki/master # pki = Public Key Infrastructure
[root@server2 master]# md5sum master.pub # view and record the MD5 value of this file
ce5adfb6f487bec6b5a4e70411487faf master.pub
[root@server2 minions]# pwd
/etc/salt/pki/master/minions
[root@server2 minions]# md5sum server3
27a4e1ff3ca0f21bf3c42438a5aa0ca7 server3
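The salt-key -A step above accepts every pending key without checking it, and the md5sum commands show where the master keeps the key files. The following is an added example, not part of the original post: it accepts a single pending minion key only when the digest of the master's copy matches a digest collected on the minion itself. Assumptions: the function names and the SALT_PKI_DIR variable are hypothetical, sha256sum is swapped in for the page's md5sum, and the expected digest was produced on the minion with sha256sum /etc/salt/pki/minion/minion.pub and carried over a trusted channel, relying on the same file-to-file comparison the page performs.

```shell
#!/bin/sh
# Added example (not from the original post): verify a pending Salt minion key
# against a digest obtained out of band before accepting it on the master.
# SALT_PKI_DIR and all function names are hypothetical helpers for this example.

SALT_PKI_DIR="${SALT_PKI_DIR:-/etc/salt/pki/master}"

# Print the SHA-256 hex digest of a key file (sha256sum instead of md5sum).
key_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pending_key MINION_ID EXPECTED_DIGEST
# Returns 0 on match, 1 on mismatch, 2 if no pending key exists,
# 3 if the minion id is empty or could escape the key directory.
verify_pending_key() {
    id="$1"
    expected="$2"
    case "$id" in
        ''|*/*|.*) return 3 ;;
    esac
    # Unaccepted keys wait in minions_pre/; accepted ones live in minions/.
    pending="$SALT_PKI_DIR/minions_pre/$id"
    [ -f "$pending" ] || return 2
    actual=$(key_digest "$pending")
    # Compare case-insensitively so an upper-case digest is also accepted.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# accept_verified_key MINION_ID EXPECTED_DIGEST
# Accepts exactly one key (salt-key -a), never all of them (salt-key -A).
accept_verified_key() {
    verify_pending_key "$1" "$2" || {
        rc=$?
        echo "refusing to accept key for '$1' (code $rc)" >&2
        return "$rc"
    }
    salt-key -y -a "$1"
}

# When run as a script: ./accept-key.sh MINION_ID EXPECTED_DIGEST
if [ "$#" -eq 2 ]; then
    accept_verified_key "$1" "$2"
fi
```

A non-zero return from verify_pending_key leaves the key in the unaccepted list, where it can be inspected or rejected by hand.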
[root@server3 minion]# pwd
/etc