文章目录
1、pillar
pillar简介
pillar和grains一样也是一个数据系统,但是应用场景不同。
pillar是将信息动态的存放在master端,主要存放私密、敏感信息(如用户名密码等),而且可以指定某一个minion才可以看到对应的信息。
pillar更加适合在配置管理中运用,在运行的过程中直接生效,即改即生效,在master上定义完就能用,不用像grains同步到minion上。
官方文档:
http://docs.saltstack.cn/contents.html
http://docs.saltstack.cn/topics/pillar/index.html
声明pillar
默认路径是/srv/pillar,grains默认路径/srv/slat/所有文件都会被推倒minion端。
[root@server1 apache]# vim /etc/salt/master ##查看信息
自定义pillar项
[root@server1 apache]# vim /etc/salt/master ##查看信息 默认路径是/srv/pillar,grains默认路径/srv/slat/所有文件都会被推倒minion端,
[root@server1 apache]# mkdir /srv/pillar ##pillar单独存放在master上,单独存放。
[root@server1 apache]# cd /srv/pillar/
[root@server1 pillar]# ls
[root@server1 pillar]# vim package.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
package: mairadb
{% endif %}
[root@server1 pillar]# vim top.sls ##哪些主机去用这个变量
base:
'*':
- package
[root@server1 pillar]# salt '*' pillar.items
[root@server1 pillar]# salt '*' pillar.items package ##匹配不到
[root@server1 pillar]# salt '*' saltutil.refresh_pillar ##命令行中调用需要刷新pillar数据,直接跑配置不需要刷新
[root@server1 pillar]# salt '*' pillar.item package
pillar数据匹配
[root@server1 pillar]# salt -I package:httpd test.ping
[root@server1 pillar]# vim package.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 192.168.0.2
{% endif %}
[root@server1 etc]# cd /srv/salt/apache/
[root@server1 apache]# vim init.sls
13 port: {{ pillar['port'] }}
14 bind: {{ pillar['bind'] }}
[root@server1 apache]# salt server2 state.sls apache
[root@server2 html]# cat /etc/httpd/conf/httpd.conf
Listen 192.168.0.2:80
[root@server1 apache]# vim init.sls
port: {{ pillar['port'] }}
bind: {{ grains['ipv4'][-1] }}
[root@server1 apache]# salt server2 state.sls apache
[root@foundation50 qq]# curl 192.168.0.2
RedHat - server2
192.168.0.2
Jinja模板使用方式
[root@server1 apache]# pwd
/srv/salt/apache
[root@server1 apache]# vim lib.sls
{% set port = 8080 %} ##定义变量文件
[root@server1 apache]# cd files/
[root@server1 files]# vim httpd.conf
1 {% from 'apache/lib.sls' import port %} ##导入模板文件
43 Listen {{ bind }}:{{ port }}
[root@server1 files]# cd ..
[root@server1 apache]# salt server2 state.sls apache
变量文件优先级高
2、keepalived模块
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# mkdir keepalived
[root@server1 salt]# cd keepalived/
[root@server1 keepalived]# vim init.sls
kp-install:
pkg.installed:
- name: keepalived
[root@server1 keepalived]# salt server2 state.sls keepalived
[root@server1 keepalived]# vim /srv/pillar/package.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
state: BACKUP
vrid: 51
pri: 50
{% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 192.168.0.2
state: MASTER
vrid: 51
pri: 100
{% endif %}
[root@server1 keepalived]# vim init.sls
kp-install:
pkg.installed:
- name: keepalived
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://keepalived/files/keepalived.conf
- template: jinja
- context:
STATE: {{ pillar['state'] }}
VRID: {{ pillar['vrid'] }}
PRI: {{ pillar['pri'] }}
service.running:
- name: keepalived
- enable: true
- reload: true
- watch:
- file: kp-install
[root@server1 keepalived]# mkdir files
[root@server1 keepalived]# cd files/
[root@server1 files]# scp server2:/etc/keepalived/keepalived.conf .
[root@server1 files]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRI }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.101
}
}
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# vim top.sls
base:
'roles:apache':
- match: grain
- apache
- keepalived
'roles:nginx':
- match: grain
- nginx
- keepalived
[root@server1 salt]# cd apache/ ##将端口转换成80,方便实验
[root@server1 apache]# vim files/httpd.conf
{% from 'apache/lib.sls' import port %} ##删除第一行
Listen {{ port }}
[root@server1 salt]# salt '*' state.highstate
[root@foundation file_recv]# curl 192.168.0.101
RedHat - server2
192.168.0.2
[root@server2 keepalived]# systemctl stop keepalived
[root@foundation file_recv]# curl 192.168.0.101
<title>Welcome to nginx!</title>
[root@server1 salt]# salt '*' state.highstate
[root@foundation file_recv]# curl 192.168.0.101
RedHat - server2
192.168.0.101
init.sls
package.sls
3、zabbix监控
远程安装zabbix
[root@server1 apache]# cd /srv/salt/
[root@server1 salt]# mkdir zabbix-server
[root@server1 salt]# cd zabbix-server/
[root@server1 zabbix-server]# ls
[root@server1 zabbix-server]# vim init.sls
zabbix-server:
pkgrepo.managed:
- name: zabbix
- humanname: zabbix 4.0
- baseurl: http://192.168.0.100/zabbix/4.0
- gpgcheck: 0
[root@server1 zabbix-server]# salt server2 state.sls zabbix-server
响应
[root@server2 yum.repos.d]# yum repolist
mysql
安装
[root@server1 salt]# mkdir mysql
[root@server1 mysql]# vim init.sls
mysql-install:
pkg.installed:
- pkgs:
- mariadb-server
- MySQL-python
[root@server1 mysql]# salt server3 state.sls mysql
[root@server1 mysql]# vim init.sls
mysql-install:
pkg.installed:
- pkgs:
- mariadb-server
- MySQL-python
file.managed:
- name: /etc/my.cnf
- source: salt://mysql/files/my.cnf
service.running:
- name: mariadb
- enable: true
- watch:
- file: mysql-install
[root@server1 mysql]# mkdir files
[root@server1 mysql]# cd files/
[root@server1 files]# scp server3:/etc/my.cnf .
[root@server1 files]# vim my.cnf ##添加行
11 log-bin=mysql-bin
12 character-set-server=utf8
[root@server1 mysql]# salt server3 state.sls mysql
响应
[root@server3 conf]# mysql
MariaDB [(none)]> show variables like 'char%';
创建用户
[root@server1 mysql]# vim init.sls ##添加行
mysql-config:
mysql_database.present:
- name: zabbix
mysql_user.present:
- name: zabbix
- host: '%'
- password: "westos"
[root@server1 mysql]# salt server3 state.sls mysql
响应
[root@server3 ~]# mysql
MariaDB [(none)]> show variables like 'char%';
MariaDB [(none)]> select * from mysql.user;
[root@foundation50 ~]# mysql -h 192.168.0.3 -u zabbix -p
Enter password: westos
授权
[root@server2 yum.repos.d]# cd /usr/share/doc/zabbix-server-mysql-4.0.5/
[root@server2 zabbix-server-mysql-4.0.5]# scp create.sql.gz server1:/srv/salt/mysql/files/
[root@server1 files]# gunzip create.sql.gz
[root@server1 files]# ls
create.sql my.cnf
[root@server1 mysql]# vim init.sls ##添加行
mysql_grants.present:
- grant: all privileges
- database: zabbix.*
- user: zabbix
- host: '%' ##授予的用户
file.managed:
- name: /mnt/create.sql
- source: salt://mysql/files/create.sql
cmd.run:
- name: mysql zabbix < /mnt/create.sql && touch /mnt/zabbix.lock
- creates: /mnt/zabbix.lock
[root@server1 mysql]# salt server3 state.sls mysql
响应
[root@server3 ~]# cd /mnt
[root@server3 mnt]# ls
create.sql zabbix.lock
[root@server3 ~]# mysql
MariaDB [(none)]> use zabbix
MariaDB [zabbix]> show tables;
zabbix部署
[root@server1 zabbix-server]# mkdir files
[root@server1 zabbix-server]# vim init.sls
zabbix-server:
pkgrepo.managed:
- name: zabbix
- humanname: zabbix 4.0
- baseurl: http://192.168.0.100/zabbix/4.0
- gpgcheck: 0
pkg.installed:
- pkgs:
- zabbix-server-mysql
- zabbix-agent
- zabbix-web-mysql
file.managed:
- name: /etc/zabbix/zabbix_server.conf
- source: salt://zabbix-server/files/zabbix_server.conf
service.running:
- name: zabbix-server
- enable: true
- watch:
- file: zabbix-server
zabbix-agent:
service.running
[root@server1 zabbix-server]# cd files/
[root@server1 files]# scp server2:/etc/zabbix/zabbix_server.conf .
[root@server1 files]# vim zabbix_server.conf
91 DBHost=192.168.0.3
124 DBPassword=westos
[root@server1 zabbix-server]# salt server2 state.sls zabbix-server
响应:
[root@server2 ~]# yum install -y mariadb
[root@server2 zabbix]# mysql -h 192.168.0.3 -u zabbix -p
MariaDB [(none)]> use zabbix
MariaDB [zabbix]> show tables;
web前端
[root@server2 zabbix]# cd /etc/httpd/conf.d/
[root@server2 conf.d]# scp zabbix.conf server1:/srv/salt/zabbix-server/files
[root@server1 files]# vim zabbix.conf
php_value date.timezone Asia/Shanghai
[root@server1 zabbix-server]# vim init.sls ##添加行
zabbix-web:
file.managed:
- name: /etc/httpd/conf.d/zabbix.conf
- source: salt://zabbix-server/files/zabbix.conf
service.running:
- name: httpd
- enable: true
- watch:
- file: zabbix-web
[root@server1 zabbix-server]# salt server2 state.sls zabbix-server
## 访问http://192.168.0.2/zabbix 填写信息做初始化, web的初始文件最终保存在了zabbix.conf.php内,
[root@server2 web]# pwd
/etc/zabbix/web
[root@server2 web]# ls
maintenance.inc.php zabbix.conf.php
[root@server2 web]# scp zabbix.conf.php server1:/srv/salt/zabbix-server/files
[root@server2 web]# mv zabbix.conf.php /mnt/
[root@server1 zabbix-server]# vim init.sls ##添加行
/etc/zabbix/web/zabbix.conf.php:
file.managed:
- source: salt://zabbix-server/files/zabbix.conf.php
[root@server1 zabbix-server]# salt server2 state.sls zabbix-server
[root@server2 web]# ls #重新生成初始化文件
maintenance.inc.php zabbix.conf.php
[root@server1 salt]# vim top.sls
base:
'roles:apache':
- match: grain
- apache
- keepalived
- zabbix-server
'roles:nginx':
- match: grain
- nginx
- keepalived
- mysql
[root@server1 salt]# salt '*' state.highstate
4、job管理
Job简介
master在下发指令任务时,会附带上产生的jid。
minion在接收到指令开始执行时,会在本地的/var/cache/salt/minion/proc目录下产生该jid命名的文件,用于在执行过程中master查看当前任务的执行情况。
指令执行完毕将结果传送给master后,删除该临时文件。
Job cache
Job缓存默认保存24小时:
# cat /etc/salt/master ##默认值
keep_jobs: 24
master端Job缓存目录:
/var/cache/salt/master/jobs
把Job存储到数据库
minion直接存储到mysql
默认存储到master一份
[root@server1 salt]# ll -d /var/cache/salt/master/jobs/
drwxr-xr-x 86 root root 4096 Jul 16 13:45 /var/cache/salt/master/jobs/
存储到数据库
[root@server1 ~]# yum install -y mariadb-server
[root@server1 ~]# systemctl start mariadb
[root@server3 mnt]# rpm -q MySQL-python
MySQL-python-1.2.5-1.el7.x86_64
[root@server3 ~]# vim /etc/salt/minion ##900行处添加
mysql.host: '192.168.0.1'
mysql.user: 'salt'
mysql.pass: 'westos'
mysql.db: 'salt'
mysql.port: 3306
[root@server3 ~]# systemctl restart salt-minion
[root@server1 ~]# mysql
MariaDB [(none)]> create database salt;
MariaDB [(none)]> grant all on salt.* to salt@'%' identified by 'westos';
[root@server3 ~]# mysql -h 192.168.0.1 -u salt -p salt
MariaDB [salt]> show tables;
server1上配置,写了一个数据库的简单配置(salt官网的例子)
[root@server1 ~]# mysql
MariaDB [(none)]> show variables like 'char%';
MariaDB [(none)]> drop database salt;
[root@server1 ~]# vim salt.sql
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
[root@server1 ~]# mysql < salt.sql ##导入数据库
mysql 中需要授权给server3
[root@server1 ~]# salt server3 test.ping --return mysql
server3:
True
[root@server1 ~]# salt server3 cmd.run df --return mysql
[root@server1 ~]# mysql
MariaDB [(none)]> use salt
MariaDB [salt]> show tables;
MariaDB [salt]> select * from salt_returns;
测试
直接改动master 将数据存储到数据库
将master中的job数据直接存储到数据库,将 job cache直接改成mysql数据库,mysql负责存储cache。
/var/cache/salt/master/jobs/
[root@server1 ~]# vim /etc/salt/master ##在文件最后添加
master:
master_job_cache: mysql
mysql.host: 'localhost'
mysql.user: 'salt'
mysql.pass: 'westos'
mysql.db: 'salt'
mysql.port: 3306
[root@server1 ~]# yum install -y MySQL-python
[root@server1 ~]# mysql
MariaDB [(none)]> grant all on salt.* to salt@'localhost' identified by 'westos';
[root@server1 ~]# mysql -u salt salt -p
MariaDB [(none)]> use salt
MariaDB [(none)]> show tables;
[root@server1 ~]# systemctl restart salt-master
[root@server1 ~]# lsof -i : 4505
[root@server1 ~]# salt '*' test.ping
[root@server1 ~]# salt '*' mydisk.df
[root@server1 ~]# mysql
MariaDB [(none)]> use salt
MariaDB [salt]> select * from salt_returns\G;
检测重启后是否连接成功
5、salt-ssh、salt-syndic、 salt-api配置
salt-ssh配置
- salt-ssh可以独立运行的,不需要minion端。
salt-ssh 用的是sshpass进行密码交互的。
以串行模式工作,性能下降。
安装salt-ssh:
# yum install -y salt-ssh
- 一般不使用
- 配置roster文件,默认的本地路径是 /etc/salt/roster: ##可以写多个host
server2:
host: 172.25.0.2
user: root
测试:
# salt-ssh '*' test.ping -i //询问密码加 -i ,*表示文件中的host
# vim ~/.ssh/config
StrictHostKeyChecking no
配置roster文件
[root@server1 ~]# yum install -y salt-ssh
[root@server1 ~]# vim /etc/salt/roster ##默认的本地路径
server2:
host: 192.168.0.2
user: root
passwd: westos
[root@server2 ~]# systemctl stop salt-minion
测试:
[root@server1 ~]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 3408 root 15u IPv4 326121 0t0 TCP *:4505 (LISTEN)
/usr/bin/ 3408 root 17u IPv4 326326 0t0 TCP server1:4505->server3:39960 (ESTABLISHED)
[root@server1 ~]# salt-ssh '*' test.ping
[root@server1 ~]# salt-ssh '*' cmd.run df
[root@server2 web]# systemctl start salt-minion
salt-syndic配置
如果大家知道zabbix proxy的话那就很容易理解了,syndic其实就是个代理,隔离master与minion。
Syndic必须要运行在master上,再连接到另一个topmaster上。
Topmaster 下发的状态需要通过syndic来传递给下级master,minion传递给master的数据也是由syndic传递给topmaster。
topmaster并不知道有多少个minion。
syndic与topmaster的file_roots和pillar_roots的目录要保持一致。
- user ---> top master(中心master) --> (syndic --> master)(同一台主机) --> minion 原理路线
[root@server1 yum.repos.d]# scp salt-3000.repo server4:/etc/yum.repos.d/
[root@server1 ~]# yum install -y salt-syndic
[root@server4 ~]# yum install -y salt-master
topmaster端:
[root@server4 ~]# vim /etc/salt/master
1047 order_masters: True #作为顶级master
[root@server4 ~]# systemctl enable --now salt-master
syndic的设置 下级master端:
[root@server1 ~]# vim /etc/salt/master
1051 syndic_master: 192.168.0.4 #指向topmaster
[root@server1 ~]# systemctl restart salt-master
[root@server1 ~]# systemctl enable --now salt-syndic.service
[root@server4 ~]# salt-key -A
[root@server4 ~]# salt-key -L #查看下级master的连接授权
[root@server4 ~]# salt '*' test.ping
server2:
True
server3:
True
salt-api
salt-api配置
- SaltStack 官方提供有REST API格式的 salt-api 项目,将使Salt与第三方系统集成变得尤为简单。
官方提供了三种api模块:
rest_cherrypy
rest_tornado
rest_wsgi
## 1.安装salt-api
[root@server1 ~]# yum install -y salt-api ##安装salt-api
## 2. 生成证书
[root@server1 certs]# cd /etc/pki/tls/private/
[root@server1 private]# openssl genrsa 1024
[root@server1 private]# openssl genrsa 1024 > localhost.key
[root@server1 private]# cd ..
[root@server1 tls]# cd certs/
[root@server1 certs]# ls
ca-bundle.crt ca-bundle.trust.crt localhost.key make-dummy-cert Makefile renew-dummy-cert
[root@server1 certs]# make testcert ##生成证书
[root@server1 certs]# ll localhost.crt ##生成证书
-rw------- 1 root root 1038 Jan 25 07:05 localhost.crt
[root@server1 certs]# ls
ca-bundle.crt localhost.crt make-dummy-cert renew-dummy-cert
ca-bundle.trust.crt localhost.key Makefile
## 3. 激活rest_cherrypy模块:
[root@server1 certs]# cd /etc/salt/master.d/
[root@server1 master.d]# ls
[root@server1 master.d]# vim api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost.key
## 4. 创建用户认证文件:
[root@server1 master.d]# vim auth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
[root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi
## 5. 重启服务:
[root@server1 master.d]# systemctl restart salt-master
[root@server1 master.d]# systemctl enable --now salt-api
salt-api使用
- 获取认证token:
# curl -sSk https://localhost:8000/login \
-H 'Accept: application/x-yaml' \
-d username=saltapi \
-d password=westos \
-d eauth=pam
- 推送任务: token值是上面命令获取的toekn值。
# curl -sSk https://localhost:8000 \
-H 'Accept: application/x-yaml' \
-H 'X-Auth-Token: xxxxxxxxxxxxxxxxxxxxxxxx'\
-d client=local \
-d tgt='*' \
-d fun=test.ping
[root@server1 master.d]# netstat -antlp | grep :8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 12528/salt-api
tcp 0 0 127.0.0.1:40562 127.0.0.1:8000 TIME_WAIT -
[root@server1 master.d]# curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=westos -d eauth=pam
[root@server1 master.d]# curl -sSk https://localhost:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: b3d54f7b679aff1783794261b9deec5b485b2d32' -d client=local -d tgt='*' -d fun=test.ping
拓展 https://github.com/binbin91/oms/
[root@server1 ~]# vim saltapi.py
[root@server1 ~]# python saltapi.py
[root@server2 ~]# systemctl stop httpd
[root@server2 ~]# netstat -antlp | grep :80
tcp6 0 0 :::80 :::* LISTEN 4360/httpd
sapi.deploy(‘server2’,‘apache’) ## 没有回传信息
print sapi.deploy(‘server2’,‘apache’) ##有回传信息
[root@server1 ~]# vim saltapi.py
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://192.168.0.1:8000',username='saltapi',password='westos')
#sapi.token_id()
#print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
sapi.deploy('server2','apache')
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()