I SaltStack overview
SaltStack is written in Python and uses a server-client model (called Master-Minion in SaltStack). It supports multiple masters out of the box, whereas a Puppet master depends on a web server. Besides managing nodes through an installed agent, SaltStack can also manage hosts directly over SSH (salt-ssh) with no agent at all. The operating model is push: the master issues commands and the minions receive and execute them.
SaltStack uses the ZeroMQ message queue as its transport, and its configuration and state files are written in YAML, which keeps them simple.
It exposes an API and accepts custom Python modules, so extending it is straightforward.
II SaltStack communication mechanism
SaltStack's communication architecture:
Salt uses a server-agent model (an agentless mode over SSH is also available). The server is called the Salt master and the agent the Salt minion.
The Salt master sends commands to the Salt minions, then collects and displays the results of those commands. A single Salt master can manage thousands of systems.
SaltStack's communication model
Communication between the Salt master and the minions follows a publish-subscribe pattern. Connections are initiated by the minion, so a minion needs no inbound port open (this greatly simplifies firewall rules). The master, on the other hand, must accept inbound connections on ports 4505 and 4506 (the defaults). Any host that can reach these two ports can connect and submit a key for acceptance, so restrict them to the minion networks rather than exposing them everywhere. The two ports serve the following purposes:
Port   Name             Description
4505   Publisher        Every Salt minion keeps a persistent connection to this port and listens on it. The master publishes commands over it asynchronously to all connected minions, so they all execute the operation at nearly the same time.
4506   Request Server   Minions connect to this port to return execution results to the master, and to securely request files and minion-specific data (Salt pillar). Traffic on this port is request/reply, a one-to-one exchange between a minion and the master, and each connection is short-lived.
The communication model is shown in the figure below.
III Installing and configuring SaltStack
1 Configure the yum repository
vim /etc/yum.repos.d/dvd.repo
yum repolist
2 Install the packages
On server1 (the master):
yum install -y salt-master.noarch
systemctl enable --now salt-master.service
On server2 and on server3 (the minions), install the minion package:
yum install -y salt-minion.noarch
On server2, edit the minion configuration so it points at the master (set the master option to server1; the minion id defaults to the hostname), then start the service:
cd /etc/salt/
vim minion
systemctl enable --now salt-minion.service
On server3, make the same change to the configuration and start the service:
cd /etc/salt/
vim minion
systemctl enable --now salt-minion.service
On server1 (the master):
Accept the minion keys. salt-key -L lists accepted, unaccepted (pending), rejected and denied keys; salt-key -A accepts every pending key at once. Before accepting, compare the fingerprints salt-key -F prints on the master with the fingerprint each minion reports for its own key (salt-call --local key.finger, run on the minion itself), and prefer salt-key -a <minion-id> for a single verified key: accepting everything pending lets any host that can reach port 4506 register itself as a minion and receive your states and pillar data.
salt-key -L
salt-key -A
salt-key -L
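The fingerprint comparison described above, as an added example that is not code from the page or from Salt: it takes the JSON form of salt-key -F from the master and the fingerprints each minion printed with salt-call --local key.finger (collected out of band and pasted in), and only proposes accepting keys whose fingerprints match. The minion ids, the fingerprint values and the stray server9 key are constructed for the example; the functions plan_key_acceptance and salt_key_commands are this example's own names. It runs on both Python 2 and 3.

```python
"""Gate minion key acceptance on an out-of-band fingerprint match.

Added example; not from the page or from Salt. Inputs are assumed to come from
`salt-key -F --out=json` on the master and `salt-call --local key.finger --out=json`
on each minion, read over the console or an existing SSH session (never over Salt
itself, since the minion's key is exactly what is not trusted yet).
"""
import json


def _fake_finger(pair):
    # Constructed fingerprint: 32 colon-separated hex pairs, the shape of a sha256 finger.
    return ":".join([pair] * 32)


# Constructed stand-in for `salt-key -F --out=json` on the master.
MASTER_FINGERS_JSON = json.dumps({
    "local": {"master.pub": _fake_finger("01")},
    "minions_pre": {
        "server2": _fake_finger("a2"),
        "server3": _fake_finger("a3"),
        "server9": _fake_finger("99"),   # pending key from a host we never built
    },
})

# Constructed stand-in for what each minion printed with `salt-call --local key.finger`.
# server3's value differs from what the master holds (for example a second host that
# reused the minion id), so its pending key must not be accepted.
EXPECTED_FINGERS = {
    "server2": _fake_finger("A2"),       # differs from the master copy only in case
    "server3": _fake_finger("b3"),
    "server4": _fake_finger("a4"),       # expected, but has not connected yet
}


def _norm(finger):
    return finger.strip().lower()


def plan_key_acceptance(master_json, expected):
    """Classify every pending key by comparing it with the fingerprint we expect."""
    pending = json.loads(master_json).get("minions_pre", {})
    plan = {"accept": [], "mismatch": [], "unknown": [], "missing": []}
    for minion_id, finger in sorted(pending.items()):
        if minion_id not in expected:
            plan["unknown"].append(minion_id)          # nobody vouched for this id
        elif _norm(finger) == _norm(expected[minion_id]):
            plan["accept"].append(minion_id)
        else:
            plan["mismatch"].append(minion_id)         # same id, different key
    plan["missing"] = sorted(set(expected) - set(pending))
    return plan


def salt_key_commands(plan):
    """Turn the plan into explicit salt-key calls: accept matches one at a time (-a),
    reject mismatches (-r), and leave unknown ids pending for a human to look at."""
    cmds = ["salt-key -y -a {}".format(m) for m in plan["accept"]]
    cmds += ["salt-key -y -r {}".format(m) for m in plan["mismatch"]]
    return cmds


if __name__ == "__main__":
    plan = plan_key_acceptance(MASTER_FINGERS_JSON, EXPECTED_FINGERS)
    print(json.dumps(plan, indent=2))
    for cmd in salt_key_commands(plan):
        print(cmd)
```

With the constructed data this accepts server2 only, rejects server3, leaves server9 pending and reports server4 as not yet connected; in real use the EXPECTED_FINGERS table is what you type in from each minion's console.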
Check the connections with lsof (install it first); each minion should hold one ESTABLISHED connection to the publisher port:
yum install -y lsof.x86_64
lsof -i :4505
Install python-setproctitle so the salt-master worker processes show descriptive names (Publisher, MWorker and so on) instead of a bare python entry in ps; the master has to be restarted for it to take effect:
yum install -y python-setproctitle.x86_64
systemctl restart salt-master.service
ps ax
IV Remote execution with SaltStack
1 Run shell commands remotely
The target server? is a glob: ? matches exactly one character, so it selects both server2 and server3. test.ping confirms the minions respond. cmd.run executes an arbitrary command as root on every targeted minion, so keep the master, and whoever is allowed to run commands through it (see the master's publisher_acl option), tightly controlled. For packages and services prefer the pkg and service modules over cmd.run: they are idempotent and report what changed.
salt server? test.ping
salt server? cmd.run hostname
salt server? cmd.run uname
salt server? cmd.run 'uname -a'
salt server? pkg.version salt-minion
salt server? pkg.install 'httpd'
salt server? pkg.version 'httpd'
salt server? cmd.run 'systemctl start httpd'
salt server? service.stop httpd
2 Write a custom execution module
On server1, create the _modules directory under the base file root (/srv/salt) and put the module file in it; every public function in the file is exposed as my_disk.<function>. The contents of my_disk.py are not shown here.
cd /srv/
mkdir salt
cd salt/
mkdir /srv/salt/_modules
vim my_disk.py
cat my_disk.py
The module has to be synced to the minion before it can be called; a plain salt execution call does not sync it for you, so running my_disk.df first makes the minion answer that 'my_disk.df' is not available. Sync, then call:
salt server2 saltutil.sync_modules
salt server2 my_disk.df
On server2, confirm the module was synced. The copy under extmods/modules is the one the minion's loader actually uses; files/base/_modules is the cached download from the master's file server:
cd /var/cache/
cd salt/
tree minion/
minion/
├── extmods
│   └── modules
│       └── my_disk.py
├── files
│   └── base
│       └── _modules
│           └── my_disk.py
├── module_refresh
└── proc
6 directories, 3 files
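The page does not reproduce its own my_disk.py, so the following is an added, illustrative implementation of the my_disk.df function it calls, not the original module: placed at /srv/salt/_modules/my_disk.py on the master and synced with salt server2 saltutil.sync_modules, its functions become my_disk.df, my_disk.full, my_disk.parse_df and my_disk.df_cmd on the minion. Everything except the name df is this example's own choice, and the df -P text at the bottom is constructed so parse_df can be exercised without a minion. It runs on Python 2 and 3.

```python
"""my_disk: a small custom Salt execution module (added example, not the page's file).

Saved as /srv/salt/_modules/my_disk.py on the master. After saltutil.sync_modules
the minion loads it from /var/cache/salt/minion/extmods/modules/my_disk.py.
"""
import os

__virtualname__ = "my_disk"


def __virtual__():
    # Tell the loader whether this module can run on this minion; statvfs is POSIX-only.
    if not hasattr(os, "statvfs"):
        return False, "my_disk needs os.statvfs (POSIX only)"
    return __virtualname__


def _usage(path):
    # Sizes in bytes from statvfs. 'used' is total minus root-reserved-free, as df reports it.
    st = os.statvfs(path)
    total = st.f_blocks * st.f_frsize
    free = st.f_bfree * st.f_frsize      # blocks free to root
    avail = st.f_bavail * st.f_frsize    # blocks free to unprivileged users
    used = total - free
    percent = round(100.0 * used / total, 1) if total else 0.0
    return {"total_bytes": total, "used_bytes": used,
            "avail_bytes": avail, "used_percent": percent}


def df(*paths):
    """Usage of the filesystem holding each given path (default: /).

    CLI Example:
        salt server2 my_disk.df / /var
    """
    return {p: _usage(p) for p in (paths or ("/",))}


def full(threshold=90, *paths):
    """Paths whose filesystem is at or above `threshold` percent used.

    CLI Example:
        salt 'server*' my_disk.full 85 / /var/log
    """
    return [p for p, u in df(*paths).items() if u["used_percent"] >= float(threshold)]


def parse_df(output):
    """Parse POSIX `df -P` output into {mountpoint: fields}.

    The header line is skipped and mount points containing spaces are reassembled.
    """
    result = {}
    for line in output.strip().splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        fs, blocks, used, avail, capacity = fields[:5]
        mount = " ".join(fields[5:])
        result[mount] = {
            "filesystem": fs,
            "blocks_kb": int(blocks),
            "used_kb": int(used),
            "avail_kb": int(avail),
            "capacity_percent": int(capacity.rstrip("%")),
        }
    return result


def df_cmd():
    """The same data from the df binary, via the __salt__ dunder the loader injects for
    cross-calling other execution modules; only works inside Salt, not on plain import."""
    return parse_df(__salt__["cmd.run"]("df -P"))


# Constructed `df -P` output, used to exercise parse_df without a minion.
SAMPLE_DF = """\
Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/vda1         20961280 4194304  16766976      21% /
tmpfs               497152       0    497152       0% /dev/shm
"""
```

Private helpers (leading underscore) are not exposed to the CLI, and returning a dict rather than printing lets the result be used from other modules, from states and from the --out=json renderer.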
3 YAML syntax basics
YAML is a lightweight data description language. Like PHP, it has a lightweight syntax and data types such as strings, booleans, floats and integers. Unlike PHP, it distinguishes arrays (sequences) from hash tables (mappings).
Basic rules
- Case sensitive
- Indentation expresses nesting
- Indent with spaces only; tabs are not allowed
- The number of spaces does not matter as long as elements at the same level are aligned on the left
- # starts a comment; everything from it to the end of the line is ignored by the parser
YAML supports three kinds of data structure:
- Mapping: a collection of key-value pairs, also called a hash or dictionary
- Sequence: an ordered list of values, also called an array or list
- Scalar: a single, indivisible value
4 SLS files
An SLS file is YAML whose top-level keys are state IDs. In its simplest form it names the package and the state function to apply to it:
vim apache.sls
[root@server1 salt]# cat apache.sls
httpd:
  pkg.installed
salt server2 state.sls apache
server2:
----------
          ID: httpd
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 00:47:08.352241
    Duration: 723.533 ms
     Changes:

Summary for server2
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time: 723.533 ms
Move the state into its own directory so it can carry the files it manages; the name apache now resolves to apache/init.sls (a state may exist as apache.sls or as apache/init.sls, not both):
mkdir apache
mv apache.sls apache
cd apache/
mv apache.sls ./init.sls
salt server2 state.sls apache
server2:
----------
          ID: httpd
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 00:50:22.089441
    Duration: 686.969 ms
     Changes:

Summary for server2
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time: 686.969 ms
[root@server1 salt]# cd apache/
[root@server1 apache]# ls
init.sls
[root@server1 apache]# scp server2:/etc/httpd/conf/httpd.conf .
root@server2's password:
httpd.conf 100% 11KB 9.6MB/s 00:00
[root@server1 apache]# ls
httpd.conf init.sls
[root@server1 apache]# vim init.sls
[root@server1 apache]# cat init.sls
apache:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/httpd.conf
  service.running:
    - name: httpd
    - enable: true
    - watch:
      - file: apache
[root@server1 apache]# salt server2 state.sls apache
server2:
----------
          ID: apache
    Function: pkg.installed
      Result: True
     Comment: The following packages were installed/updated: php
              The following packages were already installed: httpd
     Started: 00:56:53.177370
    Duration: 4292.6 ms
     Changes:
              ----------
              libzip:
                  ----------
                  new:
                      0.10.1-8.el7
                  old:
              php:
                  ----------
                  new:
                      5.4.16-46.el7
                  old:
              php-cli:
                  ----------
                  new:
                      5.4.16-46.el7
                  old:
              php-common:
                  ----------
                  new:
                      5.4.16-46.el7
                  old:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 00:56:57.475511
    Duration: 48.545 ms
     Changes:
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 00:56:57.533632
    Duration: 248.349 ms
     Changes:
              ----------
              httpd:
                  True

Summary for server2
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
Total run time:   4.589 s
Test: on server1, change the port in the managed copy of httpd.conf (Listen 80 to Listen 8080) and add reload: true to the service state, which asks the service to reload rather than restart when a watched file changes, where the service module supports it. Running salt server2 state.sls apache test=True first shows the planned changes without applying them. The updated state:
[root@server1 apache]# cat init.sls
apache:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/httpd.conf
  service.running:
    - name: httpd
    - enable: true
    - reload: true
    - watch:
      - file: apache
[root@server1 apache]# salt server2 state.sls apache
server2:
----------
          ID: apache
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 01:26:02.294039
    Duration: 715.175 ms
     Changes:
----------
          ID: apache
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 01:26:03.014184
    Duration: 54.359 ms
     Changes:
              ----------
              diff:
diff:
---
+++
@@ -39,7 +39,7 @@
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
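Review bot: the hunk moves httpd from port 80 to 8080 and nothing else, so on its own the change is incomplete: every firewall rule, health check or client that targets port 80 needs the matching update in the same change, and the bare --- / +++ header lines show this is Salt's file.managed rendering of the edit to /etc/httpd/conf/httpd.conf, not a patch to apply by hand.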
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service restarted
     Started: 01:26:03.129094
    Duration: 1125.842 ms
     Changes:
              ----------
              httpd:
                  True

Summary for server2
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
Total run time:   1.895 s
Check the listening ports on server2:
[root@server2 salt]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3220/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3564/master
tcp 0 0 172.25.7.2:22 172.25.7.250:48060 ESTABLISHED 3731/sshd: root@pts
tcp 0 0 172.25.7.2:45310 172.25.7.1:4506 TIME_WAIT -
tcp 0 0 172.25.7.2:45314 172.25.7.1:4506 TIME_WAIT -
tcp 0 0 172.25.7.2:45308 172.25.7.1:4506 TIME_WAIT -
tcp 0 0 172.25.7.2:55038 172.25.7.1:4505 ESTABLISHED 9564/python
tcp 0 0 172.25.7.2:45316 172.25.7.1:4506 TIME_WAIT -
tcp 0 0 172.25.7.2:45312 172.25.7.1:4506 TIME_WAIT -
tcp6 0 0 :::8080 :::* LISTEN 19125/httpd
tcp6 0 0 :::22 :::* LISTEN 3220/sshd
tcp6 0 0 ::1:25 :::* LISTEN 3564/master
The port has changed: httpd now listens on 8080. The output also matches the communication model described earlier: the minion holds a single persistent ESTABLISHED connection to the master's 4505 publisher port, while its connections to 4506 are short request/reply exchanges that have already closed (TIME_WAIT).