http://docs.saltstack.cn/ref/cli/index.html
一、扩展模块
[root@server1 ~]# mkdir /srv/salt/_modules
[root@server1 ~]# cd /srv/salt/_modules/
[root@server1 _modules]# vim my_disk.py
#! /usr/bin/env python
def df():
return __salt__['cmd.run']('df -h')
[root@server1 _modules]# salt server2 saltutil.sync_modules
[root@server2 ~]# cd /var/cache/salt/minion
[root@server2 minion]# tree .
[root@server1 _modules]# salt server2 my_disk.df
[root@server2 minion]# tree . ##再次查看生成.pyc文件
[root@server2 modules]# pwd
/var/cache/salt/minion/extmods/modules
[root@server2 modules]# ls
my_disk.py my_disk.pyc
[root@server2 modules]# cat my_disk.pyc
二、基于salt-syndic部署saltstack实现多级master
syndic要和msater在同一台机器上
通过建立top-master主机管理salt-master端及其salt-minion节点,同时可以进行salt-master主机的横向扩展,从 而通过一个或几个top-master管理多个salt-master及其salt-minion,实现大规模的集群管理。
[root@server4 ~]# vim /etc/salt/master ##更改master文件,打开文件路径
[root@server4 ~]# systemctl restart salt-master
[root@server1 ~]# vim /etc/salt/master
1058 syndic_master: 172.25.99.4
[root@server1 ~]# systemctl start salt-syndic
[root@server1 salt]# ps ax
[root@server4 ~]# salt-key -L
[root@server4 ~]# salt-key -A
[root@server4 ~]# salt-key -L
[root@server4 ~]# salt '*' test.ping ##在master端认证的Minion端
三、SSH方式远程部署,不需要安装minion服务
salt ssh 不需要minion
minion端关闭仍然执行命令
[root@server2 ~]# systemctl stop salt-minion
[root@server3 ~]# systemctl stop salt-minion
[root@server1 ~]# yum install -y salt-ssh
[root@server1 salt]# vim roster
server2:
host: 172.25.99.2
user: root
passwd: redhat
server3:
host: 172.25.99.3
user: root
passwd: redhat
[root@server1 salt]# salt-ssh '*' test.ping
[root@server1 salt]# salt-ssh '*' test.ping -i ##-i是默认yes
[root@server1 salt]# salt-ssh '*' cmd.run df
server2/3的minion服务已经关闭了,所以返回是通过ssh连接的
将之前mysql配置注释
四、Saltstack- API
http://docs.saltstack.cn/ref/netapi/all/
openssh 协议
spenssl 服务
[root@server1 ~]# yum install -y salt-api
[root@server1 certs]# pwd
/etc/pki/tls/certs
[root@server1 certs]# vim Makefile ##内部用openssl
[root@server1 private]# pwd
/etc/pki/tls/private
[root@server1 private]# ls
[root@server1 private]# openssl --help
[root@server1 private]# openssl genrsa 1024
[root@server1 private]# openssl genrsa 1024 > localhost.key
认证配置签名证书
[root@server1 certs]# make testcert #可以看到key存放的路径
编辑api.conf文件
[root@server1 master.d]# pwd
/etc/salt/master.d
[root@server1 master.d]# vim api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key
编辑auth.conf文件
[root@server1 master.d]# vim auth.conf ##权限
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
添加用户,修改密码
[root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi
重启salt-master服务,打开salt-api服务
[root@server1 master.d]# systemctl restart salt-master
[root@server1 master.d]# systemctl start salt-api
[root@server1 master.d]# netstat -antlp ##8000
真机测试,获得token
[root@foundation6 Desktop]# curl -sSk https://172.25.99.1:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=redhat -d eauth=pam
利用token号测试两台minion是否通
[root@foundation6 Desktop]# curl -sSk https://172.25.99.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: c12e92a1ba3763ee6948267815cdbcd8cb0cc736' -d client=local -d tgt='*' -d fun=test.ping
编辑python文件(真机),打印已有key的主机名及服务的开启
[root@foundation6 Desktop]# vim saltapi.py
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url="https://172.25.99.1:8000",username="saltapi",password="redhat")
#sapi.token_id()
#print sapi.list_all_key() #主机名
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
#sapi.deploy('test-01','nginx') ##开启服务
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
[root@foundation6 Desktop]# python saltapi.py
[root@server3 ~]# systemctl stop nginx
[root@server3 ~]# curl localhost
[root@foundation6 Desktop]# python saltapi.py
[root@server3 ~]# curl localhost