Job简介
master在下发指令任务时,会附带生成的jid(job id)。
minion接收到指令开始执行时,会在本地的/var/cache/salt/minion/proc目录下生成以该jid命名的文件,供master在执行过程中查看当前任务的执行情况。
指令执行完毕并将结果传送给master后,该临时文件会被删除。
将Job返回结果存储到数据库(minion端通过 mysql returner 写入)
[root@server6 ~]# yum install -y mariadb-server
[root@server6 ~]# systemctl start mariadb
[root@server7 ~]# rpm -q MySQL-python
MySQL-python-1.2.5-1.el7.x86_64
[root@server7 ~]# vim /etc/salt/minion
mysql.host: '172.25.16.6'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
[root@server7 ~]# systemctl restart salt-minion
[root@server6 ~]# mysql_secure_installation
[root@server6 ~]# mysql -pwestos
MariaDB [(none)]> grant all on salt.* to salt@'%' identified by 'salt';
MariaDB [(none)]> grant all on salt.* to salt@'%' identified by 'salt';
[root@server6 ~]# vim test.sql
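-- Schema for the Salt MySQL returner used in this walkthrough: creates the
-- `salt` database and the `jids` and `salt_returns` tables defined below.
-- NOTE: each DROP TABLE discards whatever job data is already stored, so
-- re-running this script against a populated database loses that history.
CREATE DATABASE `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Left disabled: the UNIQUE KEY above already defines an index named `jid`.
#CREATE INDEX jid ON jids(jid) USING BTREE;

--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  -- Indexes on id, jid and fun; the statement must end without a trailing
  -- comma and with the closing table options, or the import fails.
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;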
[root@server1 ~]# mysql < test.sql
[root@server6 ~]# salt server7 test.ping --return mysql
server7:
True
[root@server6 ~]# salt server7 cmd.run df --return mysql
[root@server6 ~]# mysql
MariaDB [(none)]> use salt
MariaDB [salt]> show tables;
MariaDB [salt]> select * from salt_returns;
修改master配置,由master将Job数据存储到数据库(master_job_cache)
[root@server6 ~]# vim /etc/salt/master
master_job_cache: mysql
mysql.host: 'localhost'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
[root@server6 ~]# yum install -y MySQL-python.x86_64
[root@server6 ~]# mysql
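MariaDB [(none)]> grant all on salt.* to salt@'localhost' identified by 'westos';
(注:上文 /etc/salt/master 中 mysql.pass 为 'salt',而此处为 salt@'localhost' 设置的密码是 'westos';两者需保持一致,master 才能以该账户连接数据库。)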
[root@server6 ~]# mysql -u salt salt -p
MariaDB [(none)]> use salt
MariaDB [(none)]> show tables;
[root@server6 ~]# systemctl restart salt-master.service
[root@server6 ~]# lsof -i :4505
[root@server6 ~]# salt server7 test.ping --return mysql
server7:
True
[root@server6 ~]# salt server7 cmd.run df --return mysql
[root@server6 ~]# mysql -pwestos
MariaDB [(none)]> use salt
MariaDB [salt]> select * from salt_returns\G;
salt-ssh、salt-syndic、 salt-api配置
[root@server6 salt]# yum install -y salt-ssh.noarch
[root@server6 salt]# cd /etc/salt/
[root@server6 salt]# vim roster
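# salt-ssh roster entry describing how to reach server8 over SSH.
# Nested keys must be indented under the host id for the YAML to parse.
# NOTE(review): the root password is stored here in clear text; keep this
# file readable by root only, and prefer key-based login where possible.
server8:
  host: 172.25.16.8
  user: root
  passwd: westos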
[root@server8 ~]# systemctl stop salt-minion.service
[root@server6 salt]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 18504 root 15u IPv4 67584 0t0 TCP *:4505 (LISTEN)
/usr/bin/ 18504 root 18u IPv4 68014 0t0 TCP server6:4505->server7:35736 (ESTABLISHED)
[root@server8 ~]# systemctl restart salt-minion.service
salt-syndic配置
[root@server5 ~]# vim /etc/yum.repos.d/server.repo
# Three yum repositories, all served from 172.25.254.16 over plain HTTP.
# NOTE(review): gpgcheck=0 turns off package signature verification for each
# repository below, so packages are trusted only because of where they were
# downloaded from; enable gpgcheck and set gpgkey once a signing key exists.
[server]
name=server
baseurl=http://172.25.254.16/westos
gpgcheck=0
[zabbix]
name=zabbix
baseurl=http://172.25.254.16/4.0
gpgcheck=0
[salt]
name=salt
baseurl=http://172.25.254.16/3000
gpgcheck=0
[root@server5 ~]# yum install -y salt-master
[root@server6 salt]# yum install -y salt-syndic
topmaster端(server5),在 /etc/salt/master 中设置(行首的 1047 应为编辑器显示的行号):
order_masters: True
[root@server6 salt]# vim /etc/salt/master
syndic_master: 172.25.16.5
[root@server6 salt]# systemctl enable --now salt-syndic.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-syndic.service to /usr/lib/systemd/system/salt-syndic.service.
[root@server5 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server6
Proceed? [n/Y] Y
Key for minion server6 accepted.
[root@server5 salt]# salt-key -L
Accepted Keys:
server6
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server5 salt]# salt '*' test.ping
[root@server5 salt]# salt '*' test.ping
server7:
True
server8:
True
salt-api
1.安装salt-api
[root@server6 salt]# yum install -y salt-api
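2.生成证书(私钥需保存为 /etc/pki/tls/private/localhost.key,即下文 api.conf 中 ssl_key 指向的文件;下面的 genrsa 命令没有重定向输出,私钥只会打印到终端,原命令的重定向部分疑似丢失。1024 位 RSA 密钥强度已不足,实际部署应使用至少 2048 位。)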
[root@server6 salt]# cd /etc/pki/tls/private/
[root@server6 private]# openssl genrsa 1024
[root@server6 private]# cd ..
[root@server6 tls]# cd certs/
[root@server6 certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
[root@server6 certs]# make testcert
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server6
Email Address []:root@localhost
[root@server6 certs]# ll localhost.crt
-rw------- 1 root root 1038 Jul 18 14:18 localhost.crt
[root@server6 certs]# ls
ca-bundle.crt localhost.crt Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@server6 certs]# cd /etc/salt/master.d/
[root@server6 master.d]# vim auth.conf
[root@server6 master.d]# vim auth.conf
[root@server6 master.d]# useradd saltapi
[root@server6 master.d]# echo westos | passwd --stdin saltapi
[root@server6 master.d]# systemctl restart salt-master.service
[root@server6 master.d]# systemctl enable --now salt-api
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-api.service to /usr/lib/systemd/system/salt-api.service.
[root@server6 master.d]# cat api.conf
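# Settings for the salt-api REST interface (rest_cherrypy module).
# The three options must be indented under rest_cherrypy for the YAML to parse.
rest_cherrypy:
  # TCP port salt-api listens on; the netstat output on this page shows it
  # bound to 0.0.0.0:8000, i.e. reachable on every interface.
  port: 8000
  # Certificate produced by `make testcert` (self-signed test certificate).
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  # Private key matching the certificate; the file must exist at this path.
  ssl_key: /etc/pki/tls/private/localhost.key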
[root@server6 master.d]# cat auth.conf
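# Who may authenticate through salt-api and what they are allowed to run.
# Each level must be indented under its parent for the YAML to parse.
# NOTE(review): the four entries together give the saltapi account control
# of the master and every minion; narrow the list for anything beyond a lab.
external_auth:
  pam:              # authenticate against local system accounts via PAM
    saltapi:        # the local user created with useradd on this page
      - .*          # any execution function on any minion
      - '@wheel'    # wheel modules
      - '@runner'   # runner modules
      - '@jobs'     # job lookups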
salt-api 使用
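获取认证token(-k 表示不校验服务器证书,此处是因为使用了自签名的测试证书;返回的 token 在 expire 时间之前等同于 saltapi 的登录凭据,perms 与 auth.conf 中授予的权限一致):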
[root@server6 master.d]# curl -sSk https://172.25.16.6:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username=saltapi \
> -d password=westos \
> -d eauth=pam
return:
- eauth: pam
expire: 1626634288.40033
perms:
- .*
- '@wheel'
- '@runner'
- '@jobs'
start: 1626591088.400329
token: 4d127efde408ef8578d45bf180d16ec7c17de9fa
user: saltapi
推送任务:X-Auth-Token 的值即上面 login 命令返回的 token
[root@server6 master.d]# curl -sSk https://localhost:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 4d127efde408ef8578d45bf180d16ec7c17de9fa' \
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
return:
- server7: true
server8: true
[root@server6 master.d]# netstat -antlp | grep :8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 27064/salt-api
tcp 0 0 127.0.0.1:56026 127.0.0.1:8000 TIME_WAIT -
拓展
[root@server6 master.d]# vim saltapi.py
[root@server7 ~]# systemctl stop httpd.service
[root@server6 master.d]# python saltapi.py
[root@server7 ~]# netstat -antlp