Hands-on with the latest version. Latest release: 3000 (February 10, 2020)
Reference: the official SaltStack documentation
ON THE SALT MASTER
Run these commands on the system that you want to use as the central management point.
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M
Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.
ON EACH SALT MINION
Run these commands on each system that you want to manage using Salt.
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P
The servers used in this walkthrough are as follows:
master 192.168.0.120 centos120
node1 192.168.0.121 centos121
node2 192.168.0.122 centos122
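On all three servers SELinux and firewalld are disabled and /etc/hosts is set up, so the hosts can reach one another by hostname and can reach the Internet. These simple steps are not shown here.
1. Installation
On the master: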
[root@centos120 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 283k 100 283k 0 0 51683 0 0:00:05 0:00:05 --:--:-- 70732
[root@centos120 ~]# ll install_salt.sh
-rw-r--r-- 1 root root 290571 Mar 8 13:09 install_salt.sh
[root@centos120 ~]#
[root@centos120 ~]# sh install_salt.sh -P -M
* INFO: Running version: 2020.02.24
* INFO: Executed by: sh
* INFO: Command line: 'install_salt.sh -P -M'
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 3.10.0-957.el7.x86_64
* INFO: Distribution: CentOS 7.6
* INFO: Installing minion
* INFO: Installing master
* INFO: Found function install_centos_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_centos_stable
* INFO: Found function install_centos_stable_post
* INFO: Found function install_centos_restart_daemons
* INFO: Found function daemons_running
* INFO: Found function install_centos_check_services
* INFO: Running install_centos_stable_deps()
.......
Installed:
salt-master.noarch 0:3000-1.el7 salt-minion.noarch 0:3000-1.el7
Dependency Installed:
libsodium.x86_64 0:1.0.18-1.el7
libtomcrypt.x86_64 0:1.17-26.el7
libtommath.x86_64 0:0.42.0-6.el7
openpgm.x86_64 0:5.2.122-2.el7
python-babel.noarch 0:0.9.6-8.el7
python-backports_abc.noarch 0:0.5-11.el7
python-jinja2.noarch 0:2.7.2-4.el7
python-markupsafe.x86_64 0:0.11-10.el7
python-requests.noarch 0:2.6.0-8.el7_7
python-singledispatch.noarch 0:3.4.0.3-16.el7
python-six.noarch 0:1.9.0-2.el7
python-urllib3.noarch 0:1.10.2-7.el7
python-zmq.x86_64 0:15.3.0-3.el7
python2-crypto.x86_64 0:2.6.1-16.el7
python2-futures.noarch 0:3.1.1-5.el7
python2-msgpack.x86_64 0:0.6.2-2.el7
python2-psutil.x86_64 0:5.6.7-1.el7
salt.noarch 0:3000-1.el7
systemd-python.x86_64 0:219-67.el7_7.3
zeromq.x86_64 0:4.1.4-7.el7
Dependency Updated:
python-setuptools.noarch 0:36.6.0-2.ius.el7
systemd.x86_64 0:219-67.el7_7.3
systemd-libs.x86_64 0:219-67.el7_7.3
systemd-sysv.x86_64 0:219-67.el7_7.3
Complete!
* INFO: Running install_centos_stable_post()
* INFO: Running install_centos_check_services()
* INFO: Running install_centos_restart_daemons()
* INFO: Running daemons_running()
* INFO: Salt installed!
[root@centos120 ~]#
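The output above shows which packages were installed. The master, that is, the management node, is now installed.
- Next, install the minion nodes, that is, the nodes to be managed (in production these are servers such as web, database and storage nodes that need code, configuration and so on pushed to them in bulk).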
[root@centos121 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
[root@centos121 ~]# ll install_salt.sh
-rw-r--r-- 1 root root 290571 Mar 8 13:13 install_salt.sh
[root@centos121 ~]#
[root@centos121 ~]# sh install_salt.sh -P
* INFO: Running version: 2020.02.24
* INFO: Executed by: sh
* INFO: Command line: 'install_salt.sh -P'
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 3.10.0-957.el7.x86_64
* INFO: Distribution: CentOS 7.6
* INFO: Installing minion
* INFO: Found function install_centos_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_centos_stable
* INFO: Found function install_centos_stable_post
* INFO: Found function install_centos_restart_daemons
* INFO: Found function daemons_running
* INFO: Found function install_centos_check_services
* INFO: Running install_centos_stable_deps()
.............
Installed:
salt-minion.noarch 0:3000-1.el7
Dependency Installed:
libsodium.x86_64 0:1.0.18-1.el7
libtomcrypt.x86_64 0:1.17-26.el7
libtommath.x86_64 0:0.42.0-6.el7
openpgm.x86_64 0:5.2.122-2.el7
python-babel.noarch 0:0.9.6-8.el7
python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7
python-backports_abc.noarch 0:0.5-11.el7
python-ipaddress.noarch 0:1.0.16-2.el7
python-jinja2.noarch 0:2.7.2-4.el7
python-markupsafe.x86_64 0:0.11-10.el7
python-requests.noarch 0:2.6.0-8.el7_7
python-setuptools.noarch 0:36.6.0-2.ius.el7
python-singledispatch.noarch 0:3.4.0.3-16.el7
python-six.noarch 0:1.9.0-2.el7
python-urllib3.noarch 0:1.10.2-7.el7
python-zmq.x86_64 0:15.3.0-3.el7
python2-crypto.x86_64 0:2.6.1-16.el7
python2-futures.noarch 0:3.1.1-5.el7
python2-msgpack.x86_64 0:0.6.2-2.el7
python2-psutil.x86_64 0:5.6.7-1.el7
salt.noarch 0:3000-1.el7
systemd-python.x86_64 0:219-67.el7_7.3
zeromq.x86_64 0:4.1.4-7.el7
Dependency Updated:
systemd.x86_64 0:219-67.el7_7.3 systemd-libs.x86_64 0:219-67.el7_7.3
systemd-sysv.x86_64 0:219-67.el7_7.3
Complete!
* INFO: Running install_centos_stable_post()
* INFO: Running install_centos_check_services()
* INFO: Running install_centos_restart_daemons()
* INFO: Running daemons_running()
* INFO: Salt installed!
[root@centos121 ~]#
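Do the same for the minion on centos122. The minion installation is now complete.
3. Configuration
Background you need before configuring:
A brief introduction to SaltStack
SaltStack is a new approach to infrastructure management: a centralized management platform for server infrastructure. It can be up and running within minutes, it is fast (servers communicate within seconds), it scales well and can easily manage tens of thousands of servers in bulk, and it significantly reduces staffing and operations costs. It provides configuration management, remote execution, monitoring and other functions, and can broadly be thought of as a simplified Puppet and an enhanced Func. With a SaltStack environment deployed, you can run commands on thousands of servers in bulk and, according to the needs of each service, centrally manage configuration, distribute files, collect server data, and manage the base operating system and software packages. SaltStack is a powerful tool for operations staff to work more efficiently and to standardize service configuration and operations. SaltStack is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (PyZMQ, PyCrypto, Jinja2, python-msgpack, PyYAML and others). SaltStack has two transport modes, ZeroMQ and RAET; because RAET is not yet very stable, ZeroMQ is usually chosen.
SaltStack run modes:
Local: everything on a single machine; not recommended.
Master/Minion: management through a server/agent model; very efficient (1000 machines managed in bulk in 25 seconds).
Salt SSH: management over SSH; comparatively less efficient (1000 machines managed in bulk in 83 seconds).
SaltStack's three main functions:
Remote execution (running commands remotely)
Configuration management (state management)
Cloud management
SaltStack features:
1) Simple and convenient to deploy;
2) Supports most UNIX/Linux and Windows environments;
3) Centralized master/minion management;
4) Simple to configure, powerful and highly extensible;
5) The controlling side (master) and the controlled side (minion) authenticate with certificates, which is secure and reliable;
6) Supports an API and custom modules, and is easy to extend with Python.
Master and minion authentication:
1) When the minion starts for the first time, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (this path is set in /etc/salt/minion), and then sends minion.pub to the master.
2) After the master receives the minion's public key, the key is accepted with the salt-key command. The public key is then stored under /etc/salt/pki/master/minions on the master, named after the minion id, and the master can now send commands to the minion.
Master and minion connection:
1) Once started, the SaltStack master listens on two ports by default, 4505 and 4506. 4505 (publish_port) is SaltStack's message publishing system, and 4506 (ret_port) is the port used for communication between SaltStack clients and the server. If you look at port 4505 with lsof, you will see that every minion keeps a connection to port 4505 in the ESTABLISHED state.
2) The communication pattern between minion and master is as follows:
Now start configuring.
First, see which files were installed on the server side: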
[root@centos120 ~]# ll /etc/salt/
total 132
-rw------- 1 root root 2927 Feb 2 07:15 cloud
drwx------ 2 root root 6 Feb 5 02:46 cloud.conf.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.deploy.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.maps.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.profiles.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb 2 07:15 master
drwxr-xr-x 2 root root 6 Feb 5 02:46 master.d
-rw-r----- 1 root root 37370 Feb 2 07:15 minion
drwxr-xr-x 2 root root 6 Feb 5 02:46 minion.d
-rw-r--r-- 1 root root 9 Mar 8 13:13 minion_id
drwxr-xr-x 4 root root 34 Mar 8 13:13 pki
-rw-r----- 1 root root 28289 Feb 2 07:15 proxy
drwxr-xr-x 2 root root 6 Feb 5 02:46 proxy.d
-rw-r----- 1 root root 344 Feb 2 07:15 roster
[root@centos120 ~]#
Files installed on the minion side:
[root@centos121 ~]# ll /etc/salt/
total 132
-rw------- 1 root root 2927 Feb 2 07:15 cloud
drwx------ 2 root root 6 Feb 5 02:46 cloud.conf.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.deploy.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.maps.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.profiles.d
drwx------ 2 root root 6 Feb 5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb 2 07:15 master
drwxr-xr-x 2 root root 6 Feb 5 02:46 master.d
-rw-r----- 1 root root 37370 Feb 2 07:15 minion
drwxr-xr-x 2 root root 6 Feb 5 02:46 minion.d
-rw-r--r-- 1 root root 9 Mar 8 13:45 minion_id
drwxr-xr-x 4 root root 34 Mar 8 13:45 pki
-rw-r----- 1 root root 28289 Feb 2 07:15 proxy
drwxr-xr-x 2 root root 6 Feb 5 02:46 proxy.d
-rw-r----- 1 root root 344 Feb 2 07:15 roster
[root@centos121 ~]#
Configure the master:
[root@centos120 salt]# cp -p master master.bk.20200308
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308
15c15
< interface: 192.168.0.120
---
> #interface: 0.0.0.0
[root@centos120 salt]#
Configure the minions; there are 3 minions in total:
[root@centos120 salt]# cp -p minion minion.bk.20200308
[root@centos120 salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos120 salt]#
[root@centos121 salt]# cp -p minion minion.bk.20200308
[root@centos121 salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos121 salt]#
[root@centos122 salt]# cp -p minion minion.bk.20200308
[root@centos122 salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos122 salt]#
Start the master service:
[root@centos120 salt]# systemctl start salt-master
[root@centos120 salt]# systemctl status salt-master
● salt-master.service - The Salt Master Server
Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-03-08 13:13:55 CST; 1h 3min ago
Docs: man:salt-master(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltstack.com/en/latest/contents.html
Main PID: 8295 (salt-master)
CGroup: /system.slice/salt-master.service
├─8295 /usr/bin/python /usr/bin/salt-master
├─8302 /usr/bin/python /usr/bin/salt-master
├─8321 /usr/bin/python /usr/bin/salt-master
├─8323 /usr/bin/python /usr/bin/salt-master
├─8326 /usr/bin/python /usr/bin/salt-master
├─8327 /usr/bin/python /usr/bin/salt-master
├─8328 /usr/bin/python /usr/bin/salt-master
├─8329 /usr/bin/python /usr/bin/salt-master
├─8330 /usr/bin/python /usr/bin/salt-master
├─8331 /usr/bin/python /usr/bin/salt-master
├─8332 /usr/bin/python /usr/bin/salt-master
├─8340 /usr/bin/python /usr/bin/salt-master
└─8342 /usr/bin/python /usr/bin/salt-master
Mar 08 13:13:53 centos120 systemd[1]: Starting The Salt Master Server...
Mar 08 13:13:54 centos120 salt-master[8295]: /usr/lib/python2.7/site-packages/salt/scripts.py:109: DeprecationWarni...ater.
Mar 08 13:13:55 centos120 systemd[1]: Started The Salt Master Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos120 salt]#
[root@centos120 salt]# netstat -antupl | grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 8321/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 8328/python
[root@centos120 salt]#
[root@centos120 salt]# ps -ef | grep salt
root 8295 1 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8302 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8321 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8322 1 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 8323 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8326 8295 0 13:13 ? 00:00:12 /usr/bin/python /usr/bin/salt-master
root 8327 8295 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8328 8327 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-master
root 8329 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8330 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8331 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8332 8295 0 13:13 ? 00:00:08 /usr/bin/python /usr/bin/salt-master
root 8340 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8342 8327 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-master
root 8365 8322 0 13:13 ? 00:00:01 /usr/bin/python /usr/bin/salt-minion
root 8371 8365 0 13:13 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 14012 7302 0 14:31 pts/0 00:00:00 grep --color=auto salt
[root@centos120 salt]#
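The netstat output above shows both Salt ports listening on 0.0.0.0 although interface was set to 192.168.0.120, and the status output shows the service active since 13:13:55; a change to interface only takes effect when salt-master restarts. The following check is an added example (not from the original post): it compares the listening addresses with the configured interface. The function names and the second sample are constructed for illustration.

```python
SALT_PORTS = {4505: "publish_port", 4506: "ret_port"}  # port roles as described above

# The two LISTEN lines shown in the netstat output above.
BEFORE_RESTART = """\
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 8321/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 8328/python
"""

# Constructed sample: what the same listing looks like once the ports are
# bound to the address given by `interface`.
AFTER_RESTART = """\
tcp 0 0 192.168.0.120:4505 0.0.0.0:* LISTEN 9001/python
tcp 0 0 192.168.0.120:4506 0.0.0.0:* LISTEN 9008/python
tcp6 0 0 :::80 :::* LISTEN 10233/httpd
"""


def parse_listeners(netstat_text):
    """Return [(ip, port, program)] for every TCP socket in LISTEN state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # rpartition copes with both 0.0.0.0:4505 and the IPv6 form :::4505
        ip, _, port = fields[3].rpartition(":")
        program = fields[6] if len(fields) > 6 else "-"
        listeners.append((ip, int(port), program))
    return listeners


def audit_salt_binding(netstat_text, interface):
    """Compare where the Salt ports listen with the `interface` value
    from /etc/salt/master. Returns {role: verdict}."""
    by_port = {}
    for ip, port, _program in parse_listeners(netstat_text):
        by_port.setdefault(port, set()).add(ip)

    verdicts = {}
    for port, role in SALT_PORTS.items():
        ips = by_port.get(port, set())
        if not ips:
            verdicts[role] = "not listening"
        elif ips == {interface}:
            verdicts[role] = "ok"
        elif ips & {"0.0.0.0", "::"}:
            # Reachable on every interface; with firewalld off nothing filters it.
            verdicts[role] = "wildcard bind"
        else:
            verdicts[role] = "unexpected address: " + ", ".join(sorted(ips))
    return verdicts


if __name__ == "__main__":
    for label, sample in (("before", BEFORE_RESTART), ("after", AFTER_RESTART)):
        print(label, audit_salt_binding(sample, "192.168.0.120"))
```

On a live master, feed it the output of `netstat -antupl` and the interface value from /etc/salt/master.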
Start the minion service:
[root@centos122 salt]# systemctl start salt-minion
[root@centos122 salt]# systemctl status salt-minion
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-03-08 14:00:46 CST; 27min ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltstack.com/en/latest/contents.html
Main PID: 7563 (salt-minion)
CGroup: /system.slice/salt-minion.service
├─7563 /usr/bin/python /usr/bin/salt-minion
├─7567 /usr/bin/python /usr/bin/salt-minion
└─7573 /usr/bin/python /usr/bin/salt-minion
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos122 salt]# ll
[root@centos122 salt]# ps -ef | grep salt
root 7563 1 0 14:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 7567 7563 0 14:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 7573 7567 0 14:00 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion
root 8968 7030 0 14:29 pts/0 00:00:00 grep --color=auto salt
[root@centos122 salt]#
Start centos120 and centos121 in the same way.
- Configure authentication:
Restart all services:
[root@centos120 salt]# systemctl restart salt-master
[root@centos120 salt]# systemctl restart salt-minion
[root@centos121 salt]# systemctl restart salt-minion
[root@centos122 salt]# systemctl restart salt-minion
After salt-minion starts, it automatically sends its public key to the salt-master,
so it only needs to be accepted on the salt-master.
Accept the public keys of all salt-minions:
[root@centos120 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos120
centos121
centos122
Proceed? [n/Y] Y
Key for minion centos120 accepted.
Key for minion centos121 accepted.
Key for minion centos122 accepted.
[root@centos120 salt]#
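salt-key -A accepts every pending key as it arrived, whatever host sent it. The following check is an added example (not part of the original post or of Salt): it compares each key waiting in /etc/salt/pki/master/minions_pre with fingerprints collected on the minions out of band, for example with `salt-call --local key.finger`, so that only matching ids are passed to `salt-key -a`. The helper names and sample keys are constructed, and hashing the PEM body to reproduce the fingerprint Salt prints is an assumption.

```python
import base64
import hashlib
import os
import tempfile

PENDING_DIR = "/etc/salt/pki/master/minions_pre"  # directory from the listing on this page


def pem_fingerprint(pem_text, sum_type="sha256"):
    """Colon-separated digest over the PEM body (BEGIN/END lines dropped).

    Assumption: this reproduces the fingerprint style salt-key prints; on a
    real deployment confirm it against `salt-call --local key.finger`.
    """
    lines = [ln for ln in pem_text.splitlines(keepends=True) if ln.strip()]
    body = "".join(lines[1:-1]).encode("ascii")
    digest = hashlib.new(sum_type, body).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def triage_pending(pending_dir, trusted):
    """Sort pending minion keys into accept / reject / hold.

    trusted maps minion id -> fingerprint collected out of band.
    """
    result = {"accept": [], "reject": [], "hold": []}
    for minion_id in sorted(os.listdir(pending_dir)):
        path = os.path.join(pending_dir, minion_id)
        if not os.path.isfile(path):
            continue
        with open(path, "r", encoding="ascii") as fh:
            seen = pem_fingerprint(fh.read())
        expected = trusted.get(minion_id)
        if expected is None:
            result["hold"].append(minion_id)      # id not in inventory: investigate
        elif expected.lower() == seen:
            result["accept"].append(minion_id)    # safe for: salt-key -a <id>
        else:
            result["reject"].append(minion_id)    # known id, different key
    return result


def make_pem(seed):
    """Constructed stand-in for a public key file (not a real RSA key)."""
    blob = base64.b64encode(hashlib.sha512(seed.encode()).digest() * 4).decode()
    rows = [blob[i:i + 64] for i in range(0, len(blob), 64)]
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(rows)
            + "\n-----END PUBLIC KEY-----\n")


def demo():
    """Three pending keys: one genuine, one with a swapped key, one unknown id."""
    genuine = {mid: make_pem(mid) for mid in ("centos121", "centos122")}
    trusted = {mid: pem_fingerprint(pem) for mid, pem in genuine.items()}
    submitted = {
        "centos121": genuine["centos121"],
        "centos122": make_pem("not-the-real-centos122"),
        "unknown-host": make_pem("unknown-host"),
    }
    with tempfile.TemporaryDirectory() as pre_dir:
        for mid, pem in submitted.items():
            with open(os.path.join(pre_dir, mid), "w", encoding="ascii") as fh:
                fh.write(pem)
        return triage_pending(pre_dir, trusted)


if __name__ == "__main__":
    for verdict, ids in demo().items():
        print(verdict, ids)
```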
View the public key received on the salt-minion side:
[root@centos120 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1674 Mar 8 14:42 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:42 minion.pub
[root@centos120 salt]# ll /etc/salt/pki/master/
total 8
-r-------- 1 root root 1678 Mar 8 13:13 master.pem
-rw-r--r-- 1 root root 450 Mar 8 13:13 master.pub
drwxr-xr-x 2 root root 57 Mar 8 14:45 minions
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_autosign
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_denied
drwxr-xr-x 2 root root 6 Mar 8 14:45 minions_pre
drwxr-xr-x 2 root root 6 Mar 8 13:13 minions_rejected
[root@centos120 salt]# cat /etc/salt/pki/minion/minion_master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTwWyV0gi7yFKKBt2tiS
thOEu6v1kn4OKM1TEcdIz7XzNUUS+ve/Jz51dH2X2ykW3lLkJqzM7AXunlWH0E5n
9vAzckMtXgjQ8/JrbRbIjDNiEAFqrJDMwDb5Zl4KUJUHZJW6LaT2WR5S9iCRNR+w
lK9SIpvCcBgfboUNt6u2ttIc4CW5UeIS7w6DGlrXv+9sD6djmjiWrmEjKJt0o9vR
myyJOQ3gXC9o/rv4HCmhJwSpqkDb93d4zs4M7jFssY2jfRKzY9paId/dgtkMcT1J
/J801mZv1DNV0mXZjEk8CqGFziO+8/UOFs/9yu1L3gDOQoysR5eAqOmTQN2pKgxL
FwIDAQAB
-----END PUBLIC KEY-----
[root@centos120 salt]#
View the generated keys:
[root@centos121 minion]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar 8 14:41 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:41 minion.pub
[root@centos121 minion]#
[root@centos121 minion]#
[root@centos121 minion]# ll /etc/salt/pki/master/
total 0
[root@centos121 minion]#
[root@centos122 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root 450 Mar 8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar 8 14:42 minion.pem
-rw-r--r-- 1 root root 450 Mar 8 14:42 minion.pub
[root@centos122 salt]# ll /etc/salt/pki/master/
total 0
[root@centos122 salt]#
The certificate authentication setup between salt-master and salt-minion is now complete.
- Test batch operations
Run commands remotely:
[root@centos120 salt]# salt 'centos121' test.ping
centos121:
True
[root@centos120 salt]# salt '*' test.ping
centos121:
True
centos122:
True
centos120:
True
[root@centos120 salt]#
[root@centos120 salt]# salt 'centos121' cmd.run 'df -h'
centos121:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 17G 1.5G 16G 9% /
devtmpfs 475M 0 475M 0% /dev
tmpfs 487M 40K 487M 1% /dev/shm
tmpfs 487M 7.7M 479M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sdb2 105M 8.0M 97M 8% /gluster/brick2
/dev/sda1 1014M 146M 869M 15% /boot
/dev/sdb1 92M 7.2M 85M 8% /gluster/brick1
tmpfs 98M 0 98M 0% /run/user/0
[root@centos120 salt]# salt 'centos121' cmd.run 'w'
centos121:
14:52:54 up 1:45, 1 user, load average: 0.08, 0.03, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.0.101 13:08 3:10 0.10s 0.10s -bash
[root@centos120 salt]#
Target several servers remotely:
[root@centos120 salt]# salt -L 'centos120, centos121' cmd.run 'hostname'
centos121:
centos121
centos120:
centos120
[root@centos120 salt]#
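- Introduction to Salt components
Introduction to SaltStack grains:
Grains are a very important SaltStack component, used mainly to record static information about a minion, such as CPU, memory, disk and network. Grain information is reported to the master automatically each time the client starts; once this static information changes, the minion must be restarted or the grains resynchronized.
Grains are information collected when the minion starts, such as the operating system type, NIC IP addresses, memory, version and CPU information.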
[root@centos120 salt]# salt -L 'centos121' grains.ls
centos121:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- cwd
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- fqdns
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_gw
- ip4_interfaces
- ip6_gw
- ip6_interfaces
- ip_gw
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- kernelversion
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- swap_total
- systemd
- uid
- username
- uuid
- virtual
- zfs_feature_flags
- zfs_support
- zmqversion
[root@centos120 salt]#
View the items:
[root@centos120 salt]# salt -L 'centos121' grains.items
centos121:
----------
SSDs:
biosreleasedate:
07/02/2015
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- vmx
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- epb
- tpr_shadow
- vnmi
- ept
- vpid
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- rdseed
- adx
- smap
- xsaveopt
- dtherm
- ida
- arat
- pln
- pts
- hwp
- hwp_notify
- hwp_act_window
- hwp_epp
cpu_model:
Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
cpuarch:
x86_64
cwd:
/
disks:
- sda
- sdb
- sr0
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
- 192.168.0.1
- 192.168.1.1
ip6_nameservers:
nameservers:
- 192.168.0.1
- 192.168.1.1
options:
search:
- DHCP
- HOST
sortlist:
domain:
fqdn:
centos121
fqdn_ip4:
- 192.168.0.121
fqdn_ip6:
- fe80::4eff:a5b2:4d5b:ae08
- fe80::2f47:1e27:f7e1:ea88
fqdns:
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
vmware
groupname:
root
host:
centos121
hwaddr_interfaces:
----------
ens33:
00:0c:29:51:46:50
ens37:
00:0c:29:51:46:5a
lo:
00:00:00:00:00:00
id:
centos121
init:
systemd
ip4_gw:
192.168.0.1
ip4_interfaces:
----------
ens33:
- 192.168.0.121
ens37:
- 192.168.0.102
lo:
- 127.0.0.1
ip6_gw:
False
ip6_interfaces:
----------
ens33:
- fe80::2f47:1e27:f7e1:ea88
ens37:
- fe80::4eff:a5b2:4d5b:ae08
lo:
- ::1
ip_gw:
True
ip_interfaces:
----------
ens33:
- 192.168.0.121
- fe80::2f47:1e27:f7e1:ea88
ens37:
- 192.168.0.102
- fe80::4eff:a5b2:4d5b:ae08
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.0.102
- 192.168.0.121
ipv6:
- ::1
- fe80::2f47:1e27:f7e1:ea88
- fe80::4eff:a5b2:4d5b:ae08
kernel:
Linux
kernelrelease:
3.10.0-957.el7.x86_64
kernelversion:
#1 SMP Thu Nov 8 23:39:32 UTC 2018
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
timezone:
unknown
localhost:
centos121
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
25f97b4fbbea4c2a8e8940747c895695
manufacturer:
VMware, Inc.
master:
192.168.0.120
mdadm:
mem_total:
972
nodename:
centos121
num_cpus:
8
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.6.1810
osrelease_info:
- 7
- 6
- 1810
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
9033
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
3000
saltversioninfo:
- 3000
- None
- None
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d f8 fe ac f0 e1 1a-34 0a 67 d6 1b 51 46 50
server_id:
1110840923
shell:
/bin/sh
swap_total:
2047
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
fef84d56-f0ac-1ae1-340a-67d61b514650
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
[root@centos120 salt]#
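- Grain information is not dynamic and does not change in real time; it is only collected when the minion starts. We can use the information collected by grains for configuration management, and custom monitoring items are also supported.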
[root@centos121 minion]# vi /etc/salt/grains
[root@centos121 minion]# cat /etc/salt/grains
role: web1_server
env: test
myname: web1
myhostname: web1.com
[root@centos121 minion]#
Then restart the minion.
7.1 View the values just defined
[root@centos120 salt]# salt -L 'centos121' grains.items | egrep -A 1 'role|env|myname|myhostname'
env:
test
--
myhostname:
web1.com
myname:
web1
--
role:
web1_server
[root@centos120 salt]#
7.2 View a single item:
[root@centos120 salt]# salt -L 'centos121' grains.item env
centos121:
----------
env:
test
[root@centos120 salt]#
7.3 Grain attributes can be used to target the minions a command runs on:
[root@centos120 salt]# salt -G env:test cmd.run 'w'
centos121:
15:06:41 up 1:59, 1 user, load average: 0.08, 0.03, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.0.101 13:08 5:45 0.14s 0.14s -bash
[root@centos120 salt]#
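- Introduction to SaltStack pillar:
Grains store static data that rarely changes, whereas pillar is generally used to store dynamic, sensitive data. Grain information can be set or read from both the minion and the master, while pillar information can only be configured on the master and is then used on the minion.
Unlike grains, pillar is defined on the master and holds information defined for specific minions; custom variables and so on can be defined.
Defining custom pillar data:
8.1 Configure pillar on the master, centos120:
Find the pillar_roots entry and uncomment the three lines below it: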
[root@centos120 salt]# cp -p master master.bk.20200308-2
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-2
837,839c837,839
< pillar_roots:
< base:
< - /srv/pillar
---
> #pillar_roots:
# base:
> # - /srv/pillar
Create the directory that holds the pillar files:
[root@centos120 salt]# mkdir -p /srv/pillar
[root@centos120 salt]# cd !$
cd /srv/pillar
[root@centos120 pillar]#
Create the configuration file with the following content:
[root@centos120 pillar]# vi httpd.sls
[root@centos120 pillar]# cat httpd.sls
conf: /etc/httpd/conf/httpd.conf
servername: web1.com
Note the space after the colon.
Create the entry-point configuration file, top.sls:
[root@centos120 pillar]# pwd
/srv/pillar
[root@centos120 pillar]# vi top.sls
[root@centos120 pillar]# cat top.sls
base:
  'centos121':
    - httpd
[root@centos120 pillar]#
Note the space after the -.
Restart the salt-master service:
[root@centos120 pillar]# systemctl restart salt-master
[root@centos120 pillar]#
The new state can be picked up with a refresh:
[root@centos120 pillar]# salt '*' saltutil.refresh_pillar
centos121:
True
centos122:
True
centos120:
True
[root@centos120 pillar]#
View it:
[root@centos120 pillar]# salt '*' pillar.items
centos120:
----------
centos121:
----------
conf:
/etc/httpd/conf/httpd.conf
servername:
web1.com
centos122:
----------
[root@centos120 pillar]#
9. SaltStack configuration management
1. Configure the installation of Apache
Uncomment the three lines below, paying attention to the spaces:
[root@centos120 salt]# cp -p master master.bk.20200308-3
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-3
657,659c657,659
< file_roots:
< base:
< - /srv/salt/
---
> # file_roots:
> # base:
> # - /srv/salt/
[root@centos120 salt]#
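Create the directory that stores the configuration files and create the entry-point file:
[root@centos120 ~]# mkdir /srv/salt
[root@centos120 ~]# cd !$
cd /srv/salt
[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls
base:
  'centos121':
    - apache
[root@centos120 salt]#
Restart the service:
[root@centos120 salt]# !syste
systemctl restart salt-master
[root@centos120 salt]#
Create the configuration file for the apache module:
[root@centos120 salt]# vi apache.sls
[root@centos120 salt]# cat apache.sls
apache-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
[root@centos120 salt]#
Note: keep the lines aligned and put a space after each -.
apache-service is the ID name, which you choose yourself. pkg.installed is the package installation function, followed by the names of the packages to install. service.running is also a function; it ensures that the given service is running, and enable makes it start at boot.
With the file in place, run: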
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 18:43:58.483864
Duration: 18618.516 ms
Changes:
----------
apr:
----------
new:
1.4.8-5.el7
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-90.el7.centos
old:
httpd-tools:
----------
new:
2.4.6-90.el7.centos
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 18:44:17.118830
Duration: 7455.336 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-90.el7.centos
old:
libdb:
----------
new:
5.3.21-25.el7
old:
5.3.21-24.el7
libdb-devel:
----------
new:
5.3.21-25.el7
old:
libdb-utils:
----------
new:
5.3.21-25.el7
old:
5.3.21-24.el7
openldap:
----------
new:
2.4.44-21.el7_6
old:
2.4.44-20.el7
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 18:44:24.583323
Duration: 211.858 ms
Changes:
----------
httpd:
True
Summary for centos121
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 26.286 s
[root@centos120 salt]#
The result above shows that the run succeeded.
Check that httpd really was installed, started and enabled on the targeted minion:
[root@centos121 salt]# netstat -antupl | grep 80
tcp6 0 0 :::80 :::* LISTEN 10233/httpd
udp6 0 0 fe80::2f47:1e27:f7e:123 :::* 6525/ntpd
[root@centos121 salt]#
[root@centos121 salt]# systemctl is-enabled httpd
enabled
[root@centos121 salt]#
10. Configure remote file management
Create a file management module:
[root@centos120 salt]# pwd
/etc/salt
[root@centos120 salt]# vi filecopy.sls
[root@centos120 salt]# cat filecopy.sls
filecopy:
  file.managed:
    - name: /tmp/test.file
    - source: salt://test/index.php
    - user: root
    - group: root
    - mode: 644
[root@centos120 salt]#
Note: filecopy on the first line is a name you choose; it names this configuration block and can be referenced from other blocks. source specifies where the file is copied from; the test directory here corresponds to /srv/salt/test. name specifies the file to create on the remote client.
Create the source file for the test:
[root@centos120 srv]# mkdir -p /srv/salt/test
[root@centos120 srv]# echo "test salt file managed" > /srv/salt/test/index.php
Add the module to the entry-point file:
[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls
base:
  'centos121':
    - apache
    - filecopy
[root@centos120 salt]#
Run the test:
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:38:32.908055
Duration: 760.4 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:38:33.668754
Duration: 16.474 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:38:33.686516
Duration: 46.938 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file updated
Started: 22:38:33.753042
Duration: 32.348 ms
Changes:
----------
diff:
New file
mode:
0644
Summary for centos121
------------
Succeeded: 4 (changed=1)
Failed: 0
------------
Total states run: 4
Total run time: 856.160 ms
[root@centos120 salt]#
Check the result:
[root@centos121 ~]# ll /tmp/test.file
-rw-r--r-- 1 root root 23 Mar 8 22:38 /tmp/test.file
[root@centos121 ~]# cat !$
cat /tmp/test.file
test salt file managed
[root@centos121 ~]#
12. Configure directory management:
Create a directory management module:
[root@centos120 salt]# cat filedir.sls
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test
    - user: root
    - group: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True
Add the module to the entry-point file:
[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls
base:
  'centos121':
    - apache
    - filecopy
    - filedir
[root@centos120 salt]#
Test directory management:
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:47:17.475869
Duration: 636.77 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:47:18.112930
Duration: 16.986 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:47:18.130854
Duration: 45.213 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file is in the correct state
Started: 22:47:18.179219
Duration: 21.548 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: Recursively updated /tmp/testdir
Started: 22:47:18.200950
Duration: 86.558 ms
Changes:
----------
/tmp/testdir/index.php:
----------
diff:
New file
mode:
0644
Summary for centos121
------------
Succeeded: 5 (changed=1)
Failed: 0
------------
Total states run: 5
Total run time: 807.075 ms
[root@centos120 salt]#
On the client, check that the /tmp/testdir directory exists:
[root@centos121 ~]# ls -ltr /tmp/testdir
total 4
-rw-r--r-- 1 root root 23 Mar 8 22:47 index.php
[root@centos121 ~]#
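- Running commands remotely with SaltStack
Create the configuration file that runs the commands:
[root@centos120 salt]# vi cmd.sls
[root@centos120 salt]# cat cmd.sls
cmd_test:
  cmd.run:
    - unless: test -f /tmp/gnu.index
    - names:
      - touch /tmp/cmdfile.index
      - mkdir /tmp/cmd
    - user: root
[root@centos120 salt]#
Note: unless means that the commands listed under names run only when /tmp/gnu.index does not exist (that is, when the test command fails); if the file exists they are not run. onlyif can be used instead and means that the commands run only when /tmp/gnu.index exists; the two are exact opposites.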
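A model of the guard semantics described in the note above, as an added example (not from the original post and not Salt's own code). It also shows a case the note does not cover: nothing in cmd.sls ever creates /tmp/gnu.index, so the guard never trips and a second highstate runs mkdir against a directory that already exists, which fails. The function names are hypothetical, and relative paths inside a temporary directory stand in for /tmp on the minion.

```python
import os
import subprocess
import tempfile


def _rc(cmd, cwd):
    """Exit status of a shell command, output discarded."""
    return subprocess.run(cmd, shell=True, cwd=cwd,
                          stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode


def apply_cmd_state(names, cwd, unless=None, onlyif=None):
    """Model one highstate pass over a cmd.run state that uses `names`.

    Every name is its own state run and the guard is checked before each:
    onlyif must exit 0 for the command to run, unless must exit non-zero.
    """
    report = []
    for cmd in names:
        if onlyif is not None and _rc(onlyif, cwd) != 0:
            report.append((cmd, "skipped"))
        elif unless is not None and _rc(unless, cwd) == 0:
            report.append((cmd, "skipped"))
        else:
            report.append((cmd, "changed" if _rc(cmd, cwd) == 0 else "failed"))
    return report


def demo():
    # Same commands and guard as cmd.sls, minus the /tmp/ prefix.
    names = ["touch cmdfile.index", "mkdir cmd"]
    guard = "test -f gnu.index"
    out = {}
    with tempfile.TemporaryDirectory() as box:
        out["first_run"] = apply_cmd_state(names, box, unless=guard)
        # The marker file was never created, so nothing is skipped and
        # mkdir now hits the directory made by the first run.
        out["second_run"] = apply_cmd_state(names, box, unless=guard)
        # onlyif with the same test is the mirror image: no marker, no run.
        out["onlyif_no_marker"] = apply_cmd_state(names[:1], box, onlyif=guard)
        # Guards that test what each command itself produces make the
        # state safe to apply repeatedly.
        out["per_command_guard"] = [
            apply_cmd_state([cmd], box, unless=check)[0]
            for cmd, check in (("touch cmdfile.index", "test -f cmdfile.index"),
                               ("mkdir cmd", "test -d cmd"))
        ]
        # Only once the marker exists does the original guard skip the commands.
        open(os.path.join(box, "gnu.index"), "w").close()
        out["marker_present"] = apply_cmd_state(names, box, unless=guard)
        out["onlyif_marker"] = apply_cmd_state(names[:1], box, onlyif=guard)
    return out


if __name__ == "__main__":
    for step, report in demo().items():
        print(step, report)
```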
Add the module to the entry-point file:
[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls
base:
  'centos121':
    - apache
    - filecopy
    - filedir
    - cmd
[root@centos120 salt]#
Test running the commands:
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 22:53:35.762137
Duration: 635.316 ms
Changes:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: All specified packages are already installed
Started: 22:53:36.397764
Duration: 16.511 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 22:53:36.415052
Duration: 44.985 ms
Changes:
----------
ID: filecopy
Function: file.managed
Name: /tmp/test.file
Result: True
Comment: File /tmp/test.file is in the correct state
Started: 22:53:36.463189
Duration: 21.523 ms
Changes:
----------
ID: file_dir
Function: file.recurse
Name: /tmp/testdir
Result: True
Comment: The directory /tmp/testdir is in the correct state
Started: 22:53:36.484894
Duration: 29.106 ms
Changes:
----------
ID: cmd_test
Function: cmd.run
Name: touch /tmp/cmdfile.index
Result: True
Comment: Command "touch /tmp/cmdfile.index" run
Started: 22:53:36.522364
Duration: 31.084 ms
Changes:
----------
pid:
11407
retcode:
0
stderr:
stdout:
----------
ID: cmd_test
Function: cmd.run
Name: mkdir /tmp/cmd
Result: True
Comment: Command "mkdir /tmp/cmd" run
Started: 22:53:36.553711
Duration: 20.647 ms
Changes:
----------
pid:
11409
retcode:
0
stderr:
stdout:
Summary for centos121
------------
Succeeded: 7 (changed=2)
Failed: 0
------------
Total states run: 7
Total run time: 799.172 ms
[root@centos120 salt]#
Check the result on the client:
[root@centos121 ~]# ls -ltr /tmp/ | tail -2
-rw-r--r-- 1 root root 0 Mar 8 22:53 cmdfile.index
drwxr-xr-x 2 root root 6 Mar 8 22:53 cmd
[root@centos121 ~]#
14. Running a shell script remotely with SaltStack
Create the configuration file that runs the shell script:
[root@centos120 salt]# vi shell.sls
[root@centos120 salt]# cat shell.sls
shell_test:
  cmd.script:
    - source: salt://test/gnu.sh
    - user: root
[root@centos120 salt]#
Create the shell script:
[root@centos120 salt]# vi test/gnu.sh
[root@centos120 salt]# cat test/gnu.sh
#!/bin/bash
systemctl stop httpd >> /tmp/log
Add the configuration to the entry-point file:
[root@centos120 salt]# cat top.sls
base:
  'centos121':
    - shell
[root@centos120 salt]#
Run the test:
[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
ID: shell_test
Function: cmd.script
Result: True
Comment: Command 'shell_test' run
Started: 23:03:13.523069
Duration: 1064.226 ms
Changes:
----------
pid:
11703
retcode:
0
stderr:
stdout:
Summary for centos121
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 1.064 s
[root@centos120 salt]#
Check the result:
[root@centos121 ~]# cat /tmp/log
[root@centos121 ~]#