
Quick Start with SaltStack: a quick-start tutorial

Time: 2019-10-20 02:28 Source: Server Operations

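Contents

  • Introduction to SaltStack
  • Installing SaltStack
  • grains&pillar
  • Managed objects: Target
  • Configuration management: States
  • Custom modules
Introduction: SaltStack is a client/server (C/S) configuration management tool written in Python (its functionality goes beyond configuration management, for example using salt-cloud to provision AWS EC2 instances). Underneath, it communicates over ZeroMQ message queues in pub/sub mode and uses SSL certificate signing for authentication management. ZeroMQ, billed as the fastest message queue in the world, lets SaltStack run operations quickly across thousands of machines.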

SaltStack Quick-Start Tutorial

Introduction to SaltStack


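1. Introduction

SaltStack appeared a few years after Puppet. It is written in Python and also uses a C/S architecture, with a server-side master and client-side minions. SaltStack is very similar to Puppet; you could say that SaltStack combines the functionality of Puppet and Chef, is more powerful, is better suited to managing servers in bulk at large scale, and is easier to configure than Puppet. Its three main functions: remote command execution, configuration management (services, files, cron, users, groups), and cloud management.

What is SaltStack?

The SaltStack open-source project started in 2011. It is a C/S operations tool written in Python, made up of a Master and Minions that communicate over ZeroMQ.
Project address: https://github.com/saltstack/salt
Official website: http://www.saltstack.com
Official documentation: http://docs.saltstack.com OR http://docs.saltstack.cn
Development language: Python
Operating mode: C/S

It also uses RSA keys to verify identity and AES encryption for transport, which safeguards its security. SaltStack is often described as an enhanced Func plus a slimmed-down Puppet.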

2. Preparation

Prepare two machines. On both of them, disable SELinux, then flush the iptables rules and save. master: 192.168.1.160 slaver: 192.168.1.161

Update the software sources

[[email protected] ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[[email protected] ~]# yum makecache fast
Loaded plugins: fastestmirror
HuaDongBD                                                                                                                                            | 2.9 kB  00:00:00     
base                                                                                                                                                 | 3.6 kB  00:00:00     
extras                                                                                                                                               | 3.4 kB  00:00:00     
os                                                                                                                                                   | 3.6 kB  00:00:00     
updates                                                                                                                                              | 3.4 kB  00:00:00     
updates/7/x86_64/primary_db                                                                                                                          | 7.8 MB  00:00:07     
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Metadata Cache Created
[[email protected] ~]#

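Basic terminology

  • master: the control center, where salt commands are run and resource state is managed
  • minions: the client machines to be managed; they actively connect to the master, obtain resource state information from it, and synchronize resource management information
  • states: the instruction set for configuration management
  • grains: static variables on the minion side
  • pillar: dynamic variables on the minion side
  • highstate: permanently adds state to a minion, read from the sls configuration files
  • salt schedule: automatically keeps client configuration in place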

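Why choose SaltStack?

3. Installation

In the SaltStack architecture the server side is called the Master and the client side is called the Minion. Both run as daemons and keep listening on the ports defined in the configuration file: ret_port (the port for communication between SaltStack clients and the server, responsible for receiving the results sent back by clients; default 4506) and publish_port (SaltStack's message publishing system; default 4505). When a Minion starts, it automatically connects to the ret_port of the Master address defined in its configuration file to authenticate.

  • Master: the control center, where salt commands are run and resource state is managed
  • Minion: a client machine to be managed; it actively connects to the Master, obtains resource state information from it, and synchronizes resource management information
  • States: the instruction set for configuration management
  • Modules: the command modules used on the command line and in configuration files; they can be run from the command line
  • Grains: minion-side variables, static
  • Pillar: minion-side variables, dynamic and more private; they can be defined through configuration files and synchronized to minions
  • highstate: pushes permanently added state to the minion, read from the sls configuration files; that is, it synchronizes the state configuration
  • salt_schedule: automatically keeps client configuration in place

Installing SaltStack

The mainstream open-source automated configuration management tools currently on the market include puppet, chef, ansible, saltstack and others. Which one is the better choice? It can be considered from the following angles:

3.1 Server-side installation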

yum install -y epel-release

yum install -y salt-master salt-minion

[[email protected] ~]# yum install -y epel-release
[[email protected] ~]# yum install -y salt-master salt-minion

Installation

Installs the latest release. Updating installs the latest release even if it is a new major version.

1.1、Run the following command to import the SaltStack repository key:

wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -

1.2、Save the following file to /etc/apt/sources.list.d/saltstack.list:

deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main

1.3、Install

> sudo apt-get update
> sudo apt-get install salt-master
> sudo apt-get install salt-minion
> sudo apt-get install salt-ssh
> sudo apt-get install salt-syndic
> sudo apt-get install salt-cloud
> sudo apt-get install salt-api

1.4、show version

> salt --version
salt 2016.3.3 (Boron)

Choice of language (puppet/chef vs ansible/saltstack)

3.2 Client-side installation

[[email protected] ~]# yum install -y epel-release
[[email protected] ~]# yum install -y salt-minion

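Basic configuration

File /etc/salt/master

interface: 192.168.199.86

File /etc/salt/minion

master: 192.168.199.86
id: qianlnk # the minion's identifying ID; it can be an IP, a domain name, or a string that resolves through DNS

Puppet and Chef are developed in Ruby; ansible and saltstack are developed in Python.

4. Configuration

Configuration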

master:
https://docs.saltstack.com/en/latest/ref/configuration/master.html
http://arlen.blog.51cto.com/7175583/1423997

minion:
https://docs.saltstack.com/en/latest/ref/configuration/minion.html
http://arlen.blog.51cto.com/7175583/1424008

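Operations teams favor Python as their development language (which also allows secondary development later), so Puppet and Chef are ruled out.

4.1 Salt minion configuration

Open /etc/salt/minion with vi/vim and find the line with the master option, usually line 16. Edit it: remove the #, keep one space after the colon, and change salt to master.

An example is shown below: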

[[email protected] ~]# vi /etc/salt/minion

[[email protected] ~]# vi /etc/salt/minion

# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: master

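If you cannot find the line for master, you can simply add a line at the end of the file: master: master or master: 192.168.1.160

You can also change the configuration file directly with sed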

[[email protected] ~]# sed -i 's/#master: salt/master: 192.168.1.160/g' /etc/salt/minion

Starting

sudo service salt-master start
sudo service salt-minion start

Choice by speed (ansible vs saltstack)

5. Starting the services

(1) Server side

[[email protected] ~]# salt-master start

Run in the background

[[email protected] ~]# salt-master start &
[3] 35438
[[email protected] ~]#

(2) Client side

[[email protected] ~]# salt-minion start &
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate

[[email protected] ~]# salt-minion start &
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate

[[email protected] ~]# salt-minion start
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate

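The first time a minion starts, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (the path is set in /etc/salt/minion) and then sends minion.pub to the master. After the master receives the minion's public key, the key is accepted with the salt-key command; the public key, named after the minion id, is then stored under /etc/salt/pki/master/minions on the master, and the master can send commands to the minion.

The master accepts the minion's key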

> sudo salt-key -L                
Accepted Keys:
Denied Keys:
Unaccepted Keys:
qianlnk
Rejected Keys:

> sudo salt-key -a qianlnk
The following keys are going to be accepted:
Unaccepted Keys:
qianlnk
Proceed? [n/Y] y
Key for minion qianlnk accepted.

> sudo salt-key -L        
Accepted Keys:
qianlnk
Denied Keys:
Unaccepted Keys:
Rejected Keys:
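
The exchange described above trusts whatever public key arrives under a given minion ID, so the accept step is where an operator can check it. The following is an added example, not part of the original tutorial: it compares the fingerprint the master lists for a pending key (salt-key -f) with the value read on the minion itself (salt-call --local key.finger). The listing layout, the sample fingerprints and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare a pending minion key's fingerprint with the value
# read on the minion before the key is accepted on the master.

# pending_fingerprint LISTING MINION_ID
# Print (lower-cased) the fingerprint listed for MINION_ID under the
# "Unaccepted Keys:" heading of the text in file LISTING.
# Assumed entry layout: "<minion id>:  <colon-separated hex digits>".
pending_fingerprint() {
    awk -v id="$2" '
        /^[A-Za-z]+ Keys:[ \t]*$/ { section = $1; next }
        section == "Unaccepted" && $1 == (id ":") { print tolower($2); exit }
    ' "$1"
}

# fingerprint_verified LISTING MINION_ID EXPECTED
# Succeed only when MINION_ID has a pending key whose fingerprint equals
# EXPECTED (compared case-insensitively).
fingerprint_verified() {
    seen=$(pending_fingerprint "$1" "$2")
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ -n "$seen" ] && [ "$seen" = "$want" ]
}

# accept_if_verified MINION_ID EXPECTED
# Run on the master: fetch the fingerprint with salt-key -f and accept the key
# (salt-key -y -a) only when it matches the value obtained from the minion.
accept_if_verified() {
    listing=$(mktemp) || return 1
    salt-key -f "$1" > "$listing"
    if fingerprint_verified "$listing" "$1" "$2"; then
        rm -f "$listing"
        salt-key -y -a "$1"
    else
        rm -f "$listing"
        echo "fingerprint mismatch for $1: key not accepted" >&2
        return 1
    fi
}

# Constructed sample listing; the fingerprints are made up and shortened.
sample_listing=$(mktemp)
cat > "$sample_listing" <<'EOF'
Accepted Keys:
nb0:  11:22:33:44:55:66:77:88
Unaccepted Keys:
qianlnk:  de:ad:be:ef:00:11:22:33
EOF

if fingerprint_verified "$sample_listing" qianlnk 'DE:AD:BE:EF:00:11:22:33'; then
    echo "qianlnk: fingerprint matches the value from the minion"
fi
if ! fingerprint_verified "$sample_listing" qianlnk 'de:ad:be:ef:00:11:22:34'; then
    echo "qianlnk: fingerprint differs, leave the key unaccepted"
fi
```

An ID that appears only under "Accepted Keys:" is treated as having no pending key, so a re-submitted key under an existing name is never confused with the one already trusted.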

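ansible transfers data over the SSH protocol, while SaltStack transfers data over the ZeroMQ message queue. Judging from figures found online, SaltStack is roughly 40 times faster than ansible.

6. Configuring authentication

(1) On the server side, open a new nb0 terminal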

[[email protected] ~]# salt-key -a nb0
The following keys are going to be accepted:
Unaccepted Keys:
nb0
Proceed? [n/Y] y
Key for minion nb0 accepted.
[[email protected] ~]#

[[email protected] ~]# salt-key -a nb1
The following keys are going to be accepted:
Unaccepted Keys:
nb1
Proceed? [n/Y]y
Key for minion nb1 accepted.
[[email protected] ~]#

[[email protected] ~]# salt-key -a nb2
The following keys are going to be accepted:
Unaccepted Keys:
nb2
Proceed? [n/Y] y
Key for minion nb2 accepted.
You have mail in /var/spool/mail/root
[[email protected] ~]#

[[email protected] ~]# salt-key
Accepted Keys:
nb0
nb1
nb2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[[email protected] ~]# 

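Note: when deploying Minions at scale, you can configure automatic acceptance of the specified keys that are waiting for authentication

Before modifying /etc/salt/master, back it up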

[[email protected] ~]# cp /etc/salt/master /etc/salt/master.bak

Open /etc/salt/master with vi

[[email protected] ~]# vi /etc/salt/master

Find the line #auto_accept: False and change False to True

# Enable auto_accept, this setting will automatically accept all incoming
# public keys from the minions. Note that this is insecure.
#auto_accept: False

Or make the change with sed

[[email protected] ~]# sed -i 's/#auto_accept: False/auto_accept: True/g' /etc/salt/master

Stop salt-master with Ctrl-C, then start it again

[[email protected] ~]# salt-master start 
^C[WARNING ] Stopping the Salt Master
[WARNING ] Stopping the Salt Master

Exiting on Ctrl-c
[WARNING ] Stopping the Salt Master

Exiting on Ctrl-c

Exiting on Ctrl-c
[[email protected] ~]# salt-master start
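
The comment shipped in the master file already says auto_accept is insecure: with it enabled, any host that can reach the master is accepted as a minion under whatever ID it presents. As an added example (not from the original tutorial), this script lists active auto_accept or open_mode settings in one or more master config files; the sample file is constructed from the excerpt above and the function name is hypothetical.

```sh
#!/bin/sh
# Added example: report master settings that accept minion keys with no
# operator check.

# risky_key_settings FILE...
# Print "file:line: key: value" for each active (uncommented) top-level
# auto_accept or open_mode entry whose value YAML 1.1 reads as true.
risky_key_settings() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out defaults
        /^(auto_accept|open_mode)[ \t]*:/ {
            key = $0; sub(/[ \t]*:.*$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]*(#.*)?$/, "", val)         # drop trailing comment
            if (tolower(val) ~ /^(true|yes|on)$/)
                print FILENAME ":" FNR ": " key ": " val
        }
    ' "$@"
}

workdir=$(mktemp -d)

# Constructed excerpt of /etc/salt/master with the defaults still commented out.
cat > "$workdir/master.before" <<'EOF'
# Enable auto_accept, this setting will automatically accept all incoming
# public keys from the minions. Note that this is insecure.
#auto_accept: False
#open_mode: False
EOF

# The tutorial's sed expression, written to a copy instead of edited in place.
sed 's/#auto_accept: False/auto_accept: True/g' \
    "$workdir/master.before" > "$workdir/master.after"

# Only the edited copy is reported.
risky_key_settings "$workdir/master.before" "$workdir/master.after"
```

Pass the main file and any master.d/*.conf fragments together, since a setting in either place takes effect.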

(2) Test and verify

[[email protected] ~]# salt '*' test.ping
nb2:
    True
nb1:
    True
nb0:
    True
[[email protected] ~]#

The * here only covers clients that have already been accepted on the master; they can be listed with salt-key

Remote command execution

[[email protected] ~]# salt '*' cmd.run   'df -h'
nb0:
    Filesystem           Size  Used Avail Use% Mounted on
    /dev/mapper/cl-root   48G   26G   22G  55% /
    devtmpfs             3.9G     0  3.9G   0% /dev
    tmpfs                3.9G   16K  3.9G   1% /dev/shm
    tmpfs                3.9G  402M  3.5G  11% /run
    tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
    /dev/sda1           1014M  139M  876M  14% /boot
    /dev/mapper/cl-home   24G   33M   24G   1% /home
    tmpfs                781M     0  781M   0% /run/user/0
    /dev/loop0           7.8G  7.8G     0 100% /var/ftp/iso-home
nb1:
    Filesystem           Size  Used Avail Use% Mounted on
    /dev/mapper/cl-root   48G  4.3G   44G   9% /
    devtmpfs             3.9G     0  3.9G   0% /dev
    tmpfs                3.9G   12K  3.9G   1% /dev/shm
    tmpfs                3.9G  377M  3.5G  10% /run
    tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
    /dev/sda1           1014M  139M  876M  14% /boot
    /dev/mapper/cl-home   24G   33M   24G   1% /home
    tmpfs                781M     0  781M   0% /run/user/0
nb2:
    Filesystem           Size  Used Avail Use% Mounted on
    /dev/mapper/cl-root   48G  4.9G   43G  11% /
    devtmpfs             3.9G     0  3.9G   0% /dev
    tmpfs                3.9G   12K  3.9G   1% /dev/shm
    tmpfs                3.9G  401M  3.5G  11% /run
    tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
    /dev/sda1           1014M  139M  876M  14% /boot
    /dev/mapper/cl-home   24G   33M   24G   1% /home
    tmpfs                781M     0  781M   0% /run/user/0
[[email protected] ~]# 

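First we need to know which files are installed on the Master and on the Minion when SaltStack is installed, which makes later SaltStack operations easier to understand. The following commands show which commands are installed when SaltStack is installed (yum installation).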

[[email protected] ~]# rpm -ql salt-master
/etc/salt/master            # salt master configuration file
/usr/bin/salt               # salt master core operation command
/usr/bin/salt-cp            # salt file transfer command
/usr/bin/salt-key           # salt certificate management command
/usr/bin/salt-master        # salt master service command
/usr/bin/salt-run           # salt master runner command
/usr/bin/salt-unity
/usr/lib/systemd/system/salt-master.service
/usr/share/man/man1/salt-cp.1.gz
/usr/share/man/man1/salt-key.1.gz
/usr/share/man/man1/salt-master.1.gz
/usr/share/man/man1/salt-run.1.gz
/usr/share/man/man1/salt-unity.1.gz
/usr/share/man/man7/salt.7.gz
[[email protected] ~]#

[[email protected] ~]# salt --version
salt 2015.5.10 (Lithium)
[[email protected] ~]#

Test

> sudo salt "qianlnk" test.ping
qianlnk:
  True

> sudo salt "qianlnk" cmd.run 'uptime'
qianlnk:
  13:34:25 up 14 days, 2:37, 1 user, load average: 0.04, 0.18, 0.16

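Compared with ansible, SaltStack's drawback is that a client has to be installed. For speed, SaltStack is the recommended choice.

7. Managed objects

To maintain a large configuration management system well, we first have to maintain our managed objects well. In SaltStack the managed objects are called Targets, and on the Master we can use different Targets to manage different Minions. These Targets are all collections built by managing and matching Minion IDs.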

[[email protected] ~]# rpm -ql salt-minion
/etc/salt/minion                # salt minion configuration file
/usr/bin/salt-call              # salt call pull command
/usr/bin/salt-minion            # salt minion service command
/usr/lib/systemd/system/salt-minion.service
/usr/share/man/man1/salt-call.1.gz
/usr/share/man/man1/salt-minion.1.gz
You have mail in /var/spool/mail/root
[[email protected] ~]# 

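(1) Regular-expression matching

When operating on and managing Minions, you can manage them by matching Minion IDs with a regular expression. For example, to operate on the Minions that match the string 'nb*' and view the IP of each node: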

[[email protected] ~]# salt 'nb*' network.ip_addrs
nb0:
    - 192.168.1.160
nb1:
    - 192.168.1.161
nb2:
    - 192.168.1.162
[[email protected] ~]# 

(2) List matching

-L, --list  list matching

[[email protected] ~]# salt -L nb1,nb2 test.ping
nb2:
    True
nb1:
    True
[[email protected] ~]# 

(3) Grains matching

[[email protected] ~]# salt -G 'os:CentOS' test.ping
nb0:
    True
nb1:
    True
nb2:
    True
You have mail in /var/spool/mail/root
[[email protected] ~]#

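In os:CentOS the target is a key/value pair; here a key/value pair from the Minion's Grains is used. Grains are explained in detail later; for now it is enough to know that Minion IDs can be matched by key/value pair.

-G, --grain  grains matching

(4) Group matching

First define the group in the master configuration file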

[[email protected] ~]# vi /etc/salt/master

#####         Node Groups           #####
##########################################
# Node groups allow for logical groupings of minion nodes. A group consists of a group
# name and a compound target.
#nodegroups:
#  group1: '[email protected],bar.domain.com,baz.domain.com and bl*.domain.com'
#  group2: '[email protected]:Debian and foo.domain.com'

L@ and G@ denote minion and grain information respectively; L@ introduces several minion IDs given as a comma-separated list

Letter  Match Type         Example                                                          Alt Delimiter?
G       Grains glob        [email protected]:Ubuntu                                          Yes
E       PCRE Minion ID     [email protected]d .(dev|qa
P       Grains PCRE        [email protected]:(RedHat|Fedora
L       List of minions    [email protected],minion3.domain.com or bl*.domain.com             No
I       Pillar glob        [email protected]:foobar                                          Yes
J       Pillar PCRE        [email protected]:^(foo|bar)$
S       Subnet/IP address  [email protected]/24 or [email protected]                         No
R       Range cluster      [email protected]%foo.bar                                        No

Matchers can be joined using boolean and, or, and not operators.

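Modify group1: group1: '[email protected],nb2'

-N, --nodegroup  nodegroup matching

(5) CIDR matching. 192.168.1.0/24 is a specified CIDR network segment; the IP address matched by CIDR here is the source address from which the Minion connects to port 4505 on the Master.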

[[email protected] ~]# salt -S '192.168.1.0/24' test.ping
nb0:
    True
nb2:
    True
nb1:
    True
[[email protected] ~]# 

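Using help

sys.doc is similar to the Linux man command and shows detailed usage for minion modules. For example:

sudo salt 'qianlnk' sys.doc test

View more information about the test module on minion qianlnk.

SaltStack GitHub address: https://github.com/saltstack/salt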

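8. Managed-object attributes

Grains is one of the most important SaltStack components, because we use it constantly when doing configuration and deployment. Grains is the component in which SaltStack records static information about a Minion; put simply, Grains hold commonly used attributes of each Minion, such as CPU, memory, disk and network information. We can view all of a Minion's Grains with grains.items. A Minion's Grains are collected and reported to the Master when the Minion starts. In real environments we need to define some custom Grains according to our own business needs.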

grains&pillar

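SaltStack official documentation: https://docs.saltstack.com

8.1 Defining Grains through the Minion configuration file

First, the simpler way to define custom Grains: through the Minion configuration file.

A Minion's Grains are reported to the Master when the Minion service starts, so after editing the Minion configuration file we need to restart the Minion service. The /etc/salt/minion configuration file contains some commented-out lines by default. Here is the example, from the minion configuration file on the Minion, of how to define Grains. Just fill in the key/value pairs you need in the format below, paying attention to the format; SaltStack configuration files use YAML by default: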

# Custom static grains for this minion can be specified here and used in SLS
# files just like all other grains. This example sets 4 custom grains, with
# the 'roles' grain having two values that can be matched against.
#grains:
#  roles:
#    - webserver
#    - memcache
#  deployment: datacenter4
#  cabinet: 13
#  cab_u: 14-15

To manage Minion Grains in a uniform way, copy these comments into the minion.d/grains file

Custom grains, configured on the client

[[email protected] ~]# vi /etc/salt/minion

# Custom static grains for this minion can be specified here and used in SLS
# files just like all other grains. This example sets 4 custom grains, with
# the 'roles' grain having two values that can be matched against.
grains:
  roles:
    - nginx
  env:
    - test
  myname:
    - hadron
#  deployment: datacenter4
#  cabinet: 13
#  cab_u: 14-15

Restart salt-minion

[[email protected] ~]# ps -aux|grep salt-minion
root      38792  0.0  0.1 231928 15388 pts/0    S    02:32   0:00 /usr/bin/python /usr/bin/salt-minion restart
root      38795  0.5  0.3 547648 28872 pts/0    Sl   02:32   0:00 /usr/bin/python /usr/bin/salt-minion restart
root      43928  0.3  0.1 231928 15384 pts/0    S    02:34   0:00 /usr/bin/python /usr/bin/salt-minion restart
root      43933  1.8  0.3 547648 28784 pts/0    Sl   02:34   0:00 /usr/bin/python /usr/bin/salt-minion restart
root      45693  0.0  0.0 112648   960 pts/0    S    02:34   0:00 grep --color=auto salt-minion
root      50604  0.0  0.1 231928 15384 pts/0    S    Aug17   0:00 /usr/bin/python /usr/bin/salt-minion start
root      50607  0.0  0.3 760916 29024 pts/0    Sl   Aug17   0:48 /usr/bin/python /usr/bin/salt-minion start
root      92074  0.0  0.1 231928 15388 pts/0    S    01:58   0:00 /usr/bin/python /usr/bin/salt-minion restart
root      92077  0.0  0.3 547916 26832 pts/0    Sl   01:58   0:01 /usr/bin/python /usr/bin/salt-minion restart
[[email protected] ~]# kill 38792 43928 45693 50604
-bash: kill: (45693) - No such process
[[email protected] ~]# ps -aux|grep salt-minion
root      43933  1.2  0.3 547648 28784 pts/0    Sl   02:34   0:00 /usr/bin/python /usr/bin/salt-minion restart
root      46529  0.0  0.0 112648   956 pts/0    S    02:35   0:00 grep --color=auto salt-minion
root      92074  0.0  0.1 231928 15388 pts/0    S    01:58   0:00 /usr/bin/python /usr/bin/salt-minion restart
root      92077  0.0  0.3 547916 26832 pts/0    Sl   01:58   0:02 /usr/bin/python /usr/bin/salt-minion restart
[1]   Terminated              salt-minion start
[3]-  Terminated              salt-minion restart
[4]   Terminated              salt-minion restart
[[email protected] ~]# kill 92077 92074 43933
-bash: kill: (43933) - No such process
[[email protected] ~]# ps -aux|grep salt-minion
root      48215  0.0  0.0 112648   960 pts/0    S    02:36   0:00 grep --color=auto salt-minion
[2]   Terminated              salt-minion restart
[[email protected] ~]# salt-minion restart &
[1] 49052
[[email protected] ~]# 

Fetching grains on the server side

[[email protected] ~]# salt 'nb1' grains.item role env myname
nb1:
    ----------
    env:
        - test
    myname:
        - hadron
    role:
        - nginx
[[email protected] ~]# 
[[email protected] ~]# salt 'nb1' grains.item role
nb1:
    ----------
    role:
        - nginx
[[email protected] ~]#

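Note: grains are very useful for remote command execution. We can operate on targets according to certain grains. For example, set the role grain of all web servers to nginx, and we can then operate on all the nginx servers in bulk: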

[[email protected] ~]# salt -G role:nginx cmd.run 'hostname'
nb1:
    nb1
[[email protected] ~]# 

[[email protected] ~]# salt -G os:CentOS cmd.run 'hostname'
nb1:
    nb1
nb0:
    nb0
nb2:
    nb2
[[email protected] ~]#

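What are grains?

Grains are a set of "grain" facts about a server, that is, a range of information about its hardware and software environment. When running salt sls files, servers can be matched and grouped by differences in their Grains; for example, different packages can be installed depending on whether the system is a CentOS server or a RedHat environment.

SaltStack architecture

8.2 pillar

Unlike grains, pillar is defined on the master, and it is information defined for specific minions. Important data such as passwords can be stored in pillar, and variables can be defined there as well.

(1) Custom pillar configuration on the server side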

[[email protected] ~]# vim /etc/salt/master

Find the following content:

#pillar_roots:
#  base:
#    - /srv/pillar
#

Remove the # signs so that it reads

pillar_roots:
  base:
    - /srv/pillar

[[email protected] ~]# mkdir /srv/pillar

Custom configuration file, with the following content

[[email protected] ~]# vim /srv/pillar/test.sls
[[email protected] ~]# cat /srv/pillar/test.sls
conf: /etc/test123.conf
myname: hadron
[[email protected] ~]# 

Top-level entry file, with the following content

[[email protected] ~]# vim /srv/pillar/top.sls
[[email protected] ~]# cat /srv/pillar/top.sls
base:
  'nb1':
    - test
[[email protected] ~]#

Restart the master

[[email protected] ~]# ps -aux|grep salt-master
root      29178  0.0  0.3 313076 26816 pts/3    S    Aug17   0:00 /usr/bin/python /usr/bin/salt-master start
root      29242  0.5  0.4 407192 32856 pts/3    Sl   Aug17   1:24 /usr/bin/python /usr/bin/salt-master start
root      29243  0.0  0.2 395004 22692 pts/3    Sl   Aug17   0:00 /usr/bin/python /usr/bin/salt-master start
root      29244  0.0  0.3 395004 24292 pts/3    Sl   Aug17   0:00 /usr/bin/python /usr/bin/salt-master start
root      29245  0.0  0.2 313076 22016 pts/3    S    Aug17   0:00 /usr/bin/python /usr/bin/salt-master start
root      29250  0.0  0.3 1204752 28560 pts/3   Sl   Aug17   0:01 /usr/bin/python /usr/bin/salt-master start
root      29251  0.0  0.3 1205064 28624 pts/3   Sl   Aug17   0:01 /usr/bin/python /usr/bin/salt-master start
root      29252  0.0  0.3 1205068 28596 pts/3   Sl   Aug17   0:01 /usr/bin/python /usr/bin/salt-master start
root      29255  0.0  0.3 1205068 28648 pts/3   Sl   Aug17   0:01 /usr/bin/python /usr/bin/salt-master start
root      29258  0.0  0.3 1205072 28584 pts/3   Sl   Aug17   0:01 /usr/bin/python /usr/bin/salt-master start
root      29261  0.0  0.2 689932 22668 pts/3    Sl   Aug17   0:00 /usr/bin/python /usr/bin/salt-master start
root      93354  0.0  0.0 112652   960 pts/2    S    03:07   0:00 grep --color=auto salt-master
[[email protected] ~]# kill 29178 29242 29243 29244 29245 29250 29251 29252 29255 29258 29261

Run it in a separate terminal

[[email protected] ~]# salt-master start

Note: after changing the pillar configuration files, we can refresh the pillar configuration to get the new pillar state

[[email protected] ~]# salt '*' saltutil.refresh_pillar
nb1:
    True
nb0:
    True
nb2:
    True
[[email protected] ~]# 

Verify

[[email protected] ~]# salt 'nb1' pillar.items
nb1:
    ----------
    conf:
        /etc/test123.conf
    myname:
        hadron
[[email protected] ~]# salt 'nb1' pillar.item conf
nb1:
    ----------
    conf:
        /etc/test123.conf
[[email protected] ~]# salt 'nb1' pillar.item myname
nb1:
    ----------
    myname:
        hadron
[[email protected] ~]# 

pillar can likewise be used as a match target for salt

[[email protected] ~]# salt -I 'conf:/etc/test123.conf' test.ping
nb1:
    True
[[email protected] ~]# salt -I 'conf:/etc/test123.conf' cmd.run 'w'
nb1:
     03:17:08 up 67 days, 14:25,  1 user,  load average: 0.02, 0.12, 0.24
    USER     TTY      FROM             [email protected]   IDLE   JCPU   PCPU WHAT
    root     pts/0    hadron           Mon21   24:44   2.38s  0.16s -bash
[[email protected] ~]#

Viewing the grains functions

sudo salt 'qianlnk' sys.list_functions grains
qianlnk: 
  - grains.append 
  - grains.delval 
  - grains.fetch 
  - grains.filter_by 
  - grains.get 
  - grains.get_or_set_hash 
  - grains.has_value 
  - grains.item 
  - grains.items 
  - grains.ls 
  - grains.remove 
  - grains.set 
  - grains.setval 
  - grains.setvals 

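In the SaltStack architecture the server side is called the Master and the client side is called the Minion. Both run as daemons and keep listening on the ports defined in the configuration file: ret_port (the port for communication between SaltStack clients and the server, responsible for receiving the results sent back by clients; default 4506) and publish_port (SaltStack's message publishing system; default 4505). When a Minion starts, it automatically connects to the ret_port of the Master address defined in its configuration file to authenticate.

9. Installing Apache with configuration management

The example below installs Apache remotely via yum. The steps are as follows:

(1) Configuration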

[[email protected] ~]# vim /etc/salt/master

Find the following content

# file_roots:
#   base:
#     - /srv/salt/

Remove the # comment markers

file_roots:
  base:
    - /srv/salt

[[email protected] ~]# mkdir /srv/salt
[[email protected] ~]# vim /srv/salt/top.sls
[[email protected] ~]# cat /srv/salt/top.sls
base:
  'nb1':
    - apache
[[email protected] ~]#

[[email protected] ~]# vim /srv/salt/apache.sls
[[email protected] ~]# cat /srv/salt/apache.sls
apache-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
[[email protected] ~]#

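Note: apache-service is a custom ID name. pkg.installed is the package installation function, and below it are the names of the packages to install. service.running is also a function; it ensures that the specified service is running, and enable means start at boot.

(2) Restart the service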

[[email protected] ~]# salt-master start 
^C[WARNING ] Stopping the Salt Master
[WARNING ] Stopping the Salt Master
[WARNING ] Stopping the Salt Master

Exiting on Ctrl-c

Exiting on Ctrl-c

Exiting on Ctrl-c
You have mail in /var/spool/mail/root
[[email protected] ~]# salt-master start

[[email protected] ~]# salt 'nb1' state.highstate
nb1:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 03:38:36.137884
    Duration: 1250.258 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 03:38:37.388313
    Duration: 33668.276 ms
     Changes:   
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-20.el7_2
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-20.el7_2
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-45.el7.centos.4
                  old:
                      2.4.6-45.el7.centos
              httpd-devel:
                  ----------
                  new:
                      2.4.6-45.el7.centos.4
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-45.el7.centos.4
                  old:
                      2.4.6-45.el7.centos
              openldap-devel:
                  ----------
                  new:
                      2.4.40-13.el7
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 03:39:11.080192
    Duration: 6685.669 ms
     Changes:   
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
Total states run:     3
[[email protected] ~]# 

This shows that the remote Apache installation succeeded.

[[email protected] ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-08-18 03:39:17 EDT; 2min 10s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 11613 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─11613 /usr/sbin/httpd -DFOREGROUND
           ├─11715 /usr/sbin/httpd -DFOREGROUND
           ├─11716 /usr/sbin/httpd -DFOREGROUND
           ├─11717 /usr/sbin/httpd -DFOREGROUND
           ├─11718 /usr/sbin/httpd -DFOREGROUND
           └─11719 /usr/sbin/httpd -DFOREGROUND

Aug 18 03:39:16 nb1 systemd[1]: Starting The Apache HTTP Server...
Aug 18 03:39:16 nb1 httpd[11613]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.1.161. Set the 'ServerN...his message
Aug 18 03:39:17 nb1 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[[email protected] ~]# 

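Viewing grains information

sudo salt 'qianlnk' grains.items

10. States files

The core of salt states is the sls file, which uses YAML syntax to define key/value data.

The root path for sls files is defined in the master configuration file and defaults to /srv/salt. This directory does not exist on the operating system and has to be created manually.

In salt, salt:// can stand in for the root path; for example, you can access /srv/salt/top.sls via salt://top.sls.

The top file for states is also defined in the master configuration file and defaults to top.sls; it is the entry file for states. A simple sls file looks like this: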

apache:
  pkg:
    - installed
  service:
    - running
    - require:
      - pkg: apache

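Explanation: this SLS data ensures that the package named "apache" is installed and that the "apache" service is running.

  • The first line is called the ID declaration. The ID declaration states the name to be operated on.
  • The second and fourth lines are State declarations; they use the pkg and service states respectively. The pkg state manages key packages through the system's package manager, and the service state manages system services (daemons). Under the pkg and service lines are the functions to run. The functions define what should happen to the package and the service: here the package should be installed and the service should be running.
  • The sixth line uses require. This is called a requisite statement; it states that the apache service is started only once the apache package has been installed successfully.

The salt-master manages repeated commands, service state and so on for minions by writing sls configuration.

The core of salt states is the sls file, which uses YAML syntax to define key/value data. The root path for sls files is defined in the master configuration file and defaults to /srv/salt; this directory does not exist on the operating system and has to be created manually.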

[[email protected] ~]# mkdir -p /srv/salt/base

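How to use grains?

  1. Master: the control center, where salt commands are run and resource state is managed
  2. Minion: a client machine to be managed; it actively connects to the Master, obtains resource state information from it, and synchronizes resource management information
  3. States: the instruction set for configuration management
  4. Modules: the command modules used on the command line and in configuration files; they can be run from the command line
  5. Grains: minion-side variables, static
  6. Pillar: minion-side variables, dynamic and more private; they can be defined through configuration files and synchronized to minions
  7. highstate: pushes permanently added state to the minion, read from the sls configuration files; that is, it synchronizes the state configuration
  8. salt_schedule: automatically keeps client configuration in place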

11. File and directory management

Using it on the command line

Run test.ping against servers whose operating system is Ubuntu
➜ salt sudo salt -G "os:Ubuntu" test.ping 
dk1: 
  True 
dk2: 
  True 

Show the number of CPUs on servers whose CPU architecture is x86_64
➜ salt sudo salt -G 'cpuarch:x86_64' grains.item num_cpus 
dk2: 
  ---------- 
  num_cpus: 
  4 
dk1: 
  ---------- 
  num_cpus: 
  4 

SaltStack installation and configuration

11.1 File management

(1) Server-side configuration

[[email protected] ~]# vim /srv/salt/top.sls
[[email protected] ~]# cat /srv/salt/top.sls
base:
  'nb1':
    - apache
  'nb2':
    - filetest
[[email protected] ~]# 

Create the filetest.sls file

[[email protected] ~]# vim /srv/salt/filetest.sls
[[email protected] ~]# cat /srv/salt/filetest.sls
file-test:
  file.managed:
    - name: /tmp/filetest.txt
    - source: salt://test/123/1.txt
    - user: root
    - group: root
    - mode: 644
[[email protected] ~]# 

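Note: file-test on the first line is a custom name for this configuration section and can be referenced from other sections; source specifies where the file is copied from, and the test directory here corresponds to /srv/salt/test; name specifies the file to be created on the remote client.

Create the source file to test with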

[[email protected] ~]# mkdir -p /srv/salt/test/123/
[[email protected] ~]# echo "file test" > /srv/salt/test/123/1.txt
[[email protected] ~]#

Run the command:

[[email protected] ~]# salt 'nb2' state.highstate
nb2:
----------
          ID: file-test
    Function: file.managed
        Name: /tmp/filetest.txt
      Result: True
     Comment: File /tmp/filetest.txt updated
     Started: 03:59:13.664379
    Duration: 505.159 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[[email protected] ~]# 

(2) Verify on the client

[[email protected] ~]# cat /tmp/filetest.txt 
file test
[[email protected] ~]# 

Using it in sls

# Used in top.sls

'os:Ubuntu': 
  - match: grain 
  - webserver 

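In the top.sls entry file, apply the states defined in webserver.sls to servers whose system is Ubuntu.

By default CentOS 6 is used as the example, installing with yum; there are other installation methods as well, such as pip, source, and salt-bootstrap

11.2 Directory management

(1) Continue editing the earlier top.sls file

Change it to the following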

[[email protected] ~]# vim /srv/salt/top.sls
[[email protected] ~]# cat /srv/salt/top.sls
base:
  'nb1':
    - apache
  'nb2':
    - filedir
[[email protected] ~]#

(2) Create the filedir.sls file

[[email protected] ~]# vim /srv/salt/filedir.sls
[[email protected] ~]# cat /srv/salt/filedir.sls
file-dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test/123
    - user: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True
[[email protected] ~]#

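clean: True means that when a file or directory is deleted at the source, it is deleted at the target as well; otherwise it is not deleted. It can be left at the default of False

(3) Create the source directory to test with

/srv/salt/test/123 already exists and contains one file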

[[email protected] ~]# ls /srv/salt/test/123
1.txt
[[email protected] ~]# cat /srv/salt/test/123/1.txt 
file test

(4) Run the command

[[email protected] ~]# salt 'nb2' state.highstate
nb2:
----------
          ID: file-dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 01:38:38.129930
    Duration: 392.34 ms
     Changes:   
              ----------
              /tmp/testdir/1.txt:
                  ----------
                  diff:
                      New file
                  mode:
                      0644

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[[email protected] ~]#

(5) Verify on the client

[[email protected] ~]# ls /tmp
filetest.txt                     Jetty_0_0_0_0_16010_master____.6nvknp        Jetty_localhost_40934_datanode____.k20t6j
hadoop-root-journalnode.pid      Jetty_0_0_0_0_16030_regionserver____.45q9os  Jetty_nb2_50070_hdfs____xjgcrn
hadoop-unjar4050493136279788948  Jetty_0_0_0_0_8042_node____19tj0x            systemd-private-bd8f0cf7c19147208fb1f2948ed5483f-vmtoolsd.service-LQvsNz
hsperfdata_root                  Jetty_0_0_0_0_8480_journal____.8g4awa        testdir
[[email protected] ~]# ls /tmp/testdir/
1.txt
[[email protected] ~]# 

(6) Test adding and deleting

On the server, create the newDir directory and the file a, and delete 1.txt

[[email protected] ~]# cd /srv/salt/test/123
[[email protected] 123]# mkdir newDir
[[email protected] 123]# echo "Hello" > newDir/a
[[email protected] 123]# rm -rf 1.txt

(7) Run the command again

[[email protected] ~]# salt 'nb2' state.highstate
nb2:
----------
          ID: file-dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 01:45:59.688250
    Duration: 442.358 ms
     Changes:   
              ----------
              /tmp/testdir/newDir:
                  ----------
                  /tmp/testdir/newDir:
                      New Dir
              /tmp/testdir/newDir/a:
                  ----------
                  diff:
                      New file
                  mode:
                      0644
              removed:
                  - /tmp/testdir/1.txt

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[[email protected] ~]#

(8) Verify again

[[email protected] ~]# ls /tmp/testdir/
newDir
[[email protected] ~]# ls /tmp/testdir/newDir/
a
[[email protected] ~]#

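Note that newDir is created successfully only if it contains a file; if it is empty, the client does not create the newDir directory.

Custom grains

Where grains are defined:

1. core grains
2. Custom, in /etc/salt/grains
3. Custom, in /etc/salt/minion
4. Custom grains in the _grains directory, synced to the minions
  • core grains are the grains set by the system; if a custom grain has the same name as a core grain, it overrides it.
  • Defined on the minion in /etc/salt/grains: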
root@17ca9e9efc8a:/etc/salt# cat grains  
roles: 
  - zookeeper 
  - kafka 

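Note: if the grains file does not exist in this directory, create it yourself. After defining grains, salt-minion must be restarted.

Test:

sudo salt -G "roles:kafka" test.ping
cn2: 
  True
  • Defined in /etc/salt/minion, in the same way as in /etc/salt/grains.
  • Defined on the master in the _grains directory: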
➜  cd /srv/salt 
➜  mkdir _grains 
➜  cd _grains  
➜  vi my_grain.py 
# add the content
➜  cat my_grain.py  
def my_grains():
    grains = {'roles': ['phpserver', 'webserver']}
    return grains

➜  sudo salt -E "dk*" saltutil.sync_grains     # refresh the minions' grains
dk2: 
  - grains.my_grain 
dk1: 
  - grains.my_grain 
➜  sudo salt -E "dk*" grains.item roles 
dk2: 
  ---------- 
  roles: 
  - phpserver 
  - webserver 
dk1: 
  ---------- 
  roles: 
  - phpserver 
  - webserver 

➜ sudo salt -G "roles:webserver" test.ping 
dk2: 
  True 
dk1: 
  True 

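EPEL repository configuration

12. Remote execution

Earlier we used the remote execution commands test.ping and cmd.run; the part before the dot is the module and the part after the dot is the function. Running things ad hoc like that is not very standardized, so the following describes in detail how to execute commands and scripts remotely.

What is pillar?

Its structure is the same as that of grains: a dictionary, with data stored as key/value pairs. It is encrypted using a separate session. Pillar is the data center; its most important role in Saltstack is to store and define data needed for configuration management, such as software version numbers, usernames and passwords.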

rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/epel/epel-release-latest-6.noarch.rpm

12.1 Remote command execution

(1) Continue editing the earlier top.sls file

[[email protected] ~]# vim /srv/salt/top.sls
[[email protected] ~]# cat /srv/salt/top.sls
base:
  'nb1':
    - cmdtest
  'nb2':
    - filedir
[[email protected] ~]# 

(2) Create the cmdtest.sls file

[[email protected] ~]# vim /srv/salt/cmdtest.sls
[[email protected] ~]# cat /srv/salt/cmdtest.sls
cmd-test:  
  cmd.run:
    - onlyif: test -f /tmp/1.txt
    - names:
      - touch /tmp/cmdtest.txt
      - mkdir /tmp/cmdtest
    - user: root
[[email protected] ~]# 

The onlyif condition means the commands that follow run only if the file /tmp/1.txt exists; unless can be used as well, and the two are exact opposites.

[[email protected] ~]# echo "hello" > /tmp/1.txt
[[email protected] ~]# cat /tmp/1.txt 
hello
[[email protected] ~]#

(3) Run the command

[[email protected] ~]# salt 'nb1' state.highstate
nb1:
----------
          ID: cmd-test
    Function: cmd.run
        Name: touch /tmp/cmdtest.txt
      Result: True
     Comment: Command "touch /tmp/cmdtest.txt" run
     Started: 02:23:07.347360
    Duration: 565.866 ms
     Changes:   
              ----------
              pid:
                  7209
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: cmd-test
    Function: cmd.run
        Name: mkdir /tmp/cmdtest
      Result: True
     Comment: Command "mkdir /tmp/cmdtest" run
     Started: 02:23:07.913505
    Duration: 208.682 ms
     Changes:   
              ----------
              pid:
                  7245
              retcode:
                  0
              stderr:
              stdout:

Summary
------------
Succeeded: 2 (changed=2)
Failed:    0
------------
Total states run:     2
[[email protected] ~]#

(4) Verify

[[email protected] ~]# ll /tmp|grep cmd
drwxr-xr-x 2 root root   6 Aug 21 02:23 cmdtest
-rw-r--r-- 1 root root   0 Aug 21 02:23 cmdtest.txt
[[email protected] ~]# 

Viewing the grains functions

➜ ~ sudo salt "cn1" sys.list_functions pillar 
cn1: 
  - pillar.data 
  - pillar.ext 
  - pillar.fetch 
  - pillar.file_exists 
  - pillar.get 
  - pillar.item 
  - pillar.items 
  - pillar.keys 
  - pillar.ls 
  - pillar.obfuscate 
  - pillar.raw 

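Pillar data is associated with specific minions and can be used to pass information that belongs to a minion. Administrators can also define their own pillar data to manage minions.

Installing and configuring the management side (master)

12.2 Remote script execution

(1) Continue editing the earlier top.sls file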

[[email protected] ~]# vim /srv/salt/top.sls
[[email protected] ~]# cat /srv/salt/top.sls
base:
  'nb1':
    - cmdtest
  'nb2':
    - shelltest
[[email protected] ~]# 

(2) Create the shelltest.sls file

[[email protected] ~]# vim /srv/salt/shelltest.sls
[[email protected] ~]# cat /srv/salt/shelltest.sls
shell-test:
  cmd.script:
    - source: salt://test/1.sh
    - user: root
[[email protected] ~]# 

(3) Create the 1.sh script file

[[email protected] ~]# vim /srv/salt/test/1.sh
[[email protected] ~]# cat /srv/salt/test/1.sh
#!/bin/bash
touch /tmp/shelltest.txt
if [ -d /tmp/shelltest ]
then
    rm -rf /tmp/shelltest
else
    mkdir /tmp/shelltest
fi
[[email protected] ~]#

(4) Run the command

[[email protected] ~]# salt 'nb2' state.highstate
nb2:
----------
          ID: shell-test
    Function: cmd.script
      Result: True
     Comment: Command 'shell-test' run
     Started: 02:35:33.341722
    Duration: 585.072 ms
     Changes:   
              ----------
              pid:
                  48228
              retcode:
                  0
              stderr:
              stdout:

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[[email protected] ~]# 

(5) Verify on the client

[[email protected] ~]# ll /tmp|grep shell
drwxr-xr-x 2 root root   6 Aug 21 02:35 shelltest
-rw-r--r-- 1 root root   0 Aug 21 02:35 shelltest.txt
[[email protected] ~]# 

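With the example above we have executed a script remotely. To install LAMP or LNMP remotely in one step, just replace the 1.sh script in this example with a one-click installation script.

Custom pillar

Pillar is defined in sls files on the master; the master configuration must specify the pillar directory.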

pillar_roots: 
  base: 
  - /srv/pillar 

➜ pillar git:(master) ✗ pwd
/srv/pillar

➜ pillar git:(master) ✗ cat top.sls 
base:
  '*':
  - data
  - git

➜ pillar git:(master) ✗ cat data/init.sls
roles: webserver
➜ pillar git:(master) ✗ cat git.sls
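{% if grains['os'] == 'CentOS' %}
git: git
{% elif grains['os'] == 'Debian' %}
git: git-core
{% endif %}

By default, all data in the master configuration file is added to pillar and is available to every minion. To disable this default, set the following option in the master file:
pillar_opts: False

Like sls, pillar has its own top.sls file as the entry point that organizes the other pillar files. In base, "*" specifies the pillar that every minion has: mongodb, zookeeper, kafka, supervisor. Each minion group then has its own init.sls, and kafka.sls defines the information that belongs to kafka.

After modifying the pillar files, refresh the minions' information with the following command: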

➜ pillar git:(master) ✗ sudo salt 'cn1' saltutil.refresh_pillar 
cn1: 
  True 
yum -y install salt-master
service salt-master start

13. Managing scheduled tasks

Using pillar

Target:

# salt uses the -I option to target by pillar
➜ pillar git:(master) ✗ sudo salt -I "roles:webserver" test.ping

Using it in sls files:

# e.g. install git according to the system environment
➜ salt git:(master) ✗ cat git_env.sls
git:
  pkg.installed:
    - name: {{ pillar['git'] }}

# or:
git:
  pkg.installed:
    - name: {{ salt['pillar.get']('git', 'git') }}

Note: iptables must open ports 4505 and 4506 on the master.

13.1 Creating a cron job

(1) Edit the top.sls file

[[email protected] ~]# vim /srv/salt/top.sls
[[email protected] ~]# cat /srv/salt/top.sls
base:
  'nb1':
    - crontest
  'nb2':
    - shelltest
[[email protected] ~]#

(2) Edit the crontest.sls file

[[email protected] ~]# vim /srv/salt/crontest.sls
[[email protected] ~]# cat /srv/salt/crontest.sls
cron-test:
  cron.present:
    - name: /bin/touch /tmp/111.txt
    - user: root
    - minute: '*'
    - hour: 20
    - daymonth: 1-10
    - month: '3,5'
    - dayweek: '*'
[[email protected] ~]#

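Note that * must be enclosed in single quotes. We can of course also use the file.managed module to manage cron, because the system's cron jobs exist as configuration files.

(3) Run the command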

[[email protected] ~]# salt 'nb1' state.highstate
nb1:
----------
          ID: cron-test
    Function: cron.present
        Name: /bin/touch /tmp/111.txt
      Result: True
     Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
     Started: 02:47:51.454886
    Duration: 1478.963 ms
     Changes:   
              ----------
              root:
                  /bin/touch /tmp/111.txt

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[[email protected] ~]# 

(4) Verify on the client

[[email protected] ~]# crontab -l
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.160
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 1-10 3,5 * /bin/touch /tmp/111.txt
[[email protected] ~]# 

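Management targets (Target)

In the saltstack system, the objects we manage are called Targets. On the Master we can use different Targets to manage different minions. A Target can be a hostname, system information, a defined group, or even a custom bound object.

Installing the managed side (minion)

13.2 Deleting a cron job

(1) Modify the crontest.sls file, changing cron.present: to cron.absent:. Note: the two cannot coexist; to delete a cron job, the earlier present must be replaced or removed.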

[[email protected] ~]# vim /srv/salt/crontest.sls
[[email protected] ~]# cat /srv/salt/crontest.sls
cron-test:
  cron.absent:
    - name: /bin/touch /tmp/111.txt
    - user: root
    - minute: '*'
    - hour: 20
    - daymonth: 1-10
    - month: '3,5'
    - dayweek: '*'
[[email protected] ~]#

(2) Run the command

[[email protected] ~]# salt 'nb1' state.highstate
nb1:
----------
          ID: cron-test
    Function: cron.absent
        Name: /bin/touch /tmp/111.txt
      Result: True
     Comment: Cron /bin/touch /tmp/111.txt removed from root's crontab
     Started: 02:56:03.583557
    Duration: 29.663 ms
     Changes:   
              ----------
              root:
                  /bin/touch /tmp/111.txt

Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
[[email protected] ~]# 

(3) Verify on the client

[[email protected] ~]# crontab -l
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.81
00      03      *       *       *       ntpdate 192.168.1.160
# Lines below here are managed by Salt, do not edit
[[email protected] ~]#

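What kinds of matching are there?

All target parameters:

Target Options: 
-E, --pcre                   regular-expression match
-L, --list                   list match
-G, --grain                  grains match
--grain-pcre                 grains match with a regular expression
-N, --nodegroup              nodegroup match
-R, --range                  range match
-C, --compound               compound match (combines several matchers)
-I, --pillar                 pillar value match
-S, --ipcidr                 match minions by subnet address
yum -y install salt-minion
sed -i 's@#master:.*@master: master_ipaddress@' /etc/salt/minion  # master_ipaddress is the IP of the management side
echo 10.252.137.141 > /etc/salt/minion_id # I prefer to use the IP; the default is the hostname
service salt-minion start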

14. Common Saltstack commands

Detailed description of each matching type

  • minion ID
sudo salt 'cn1' test.ping
  • Wildcards (*)
sudo salt 'cn1' test.ping
# match all minions
sudo salt '*' test.ping 

# match minions whose ID starts with cn
sudo salt 'cn*' test.ping 

# match cn1, cn2, cn3, cn4, cn5
sudo salt 'cn[1-5]' test.ping 

# match web-x, web-y, web-z
sudo salt 'web-[x-z]' test.ping 
  • Regular expressions
# e.g. match the IDs assassin-production and assassin-sandbox
sudo salt -E 'assassin-(production|sandbox)' test.ping 

# this can also be used in a state
base: 
  'assassin-(production|sandbox)':
    - match: pcre 
    - webserver 
  • List matching
# minions with special requirements can be targeted by listing their IDs by hand
sudo salt -L 'cn1, cn2, cn23' test.ping 
  • grains matching
# e.g. test all minions whose operating system is Ubuntu
sudo salt -G 'os:Ubuntu' test.ping 

# view the number of CPUs on minions whose CPU architecture is x86_64
sudo salt -G 'cpuarch:x86_64' grains.item numcpus 


# used in top.sls
'node_type:web' 
  - match: grain 
  - webserver 
'node_type:mysql' 
  - match: grain 
  - database 
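  • pillar matching
  # pillar matching is much like grains matching, with the grains object replaced by pillar
sudo salt -I 'somekey:specialvalue' test.ping 
  • Nodegroup matching
# Node groups must first be defined in top.sls or the master configuration file.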
nodegroups: 
 group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com' 
 group2: 'G@os:Debian and foo.domain.com' 
 group3: 'G@os:Debian and N@group1' 
 group4: 
 - 'G@foo:bar' 
 - 'or' 
 - 'G@foo:baz' 

sudo salt -N group1 test.ping 

# in top.sls:
base: 
  group1: 
  - match: nodegroup 
  - webserver 
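  • CIDR matching
# target minions in the 192.168.1.0/24 subnet
sudo salt -S '192.168.1.0/24' test.ping 
  • Compound matching
salt -C 'G@os:Ubuntu or L@cn1,cn2' test.ping

Finally, a target sometimes matches a large number of minions, and running on all of them at once may hang the master.
So we can run in batches:

# run on 10 minions at a time
sudo salt '*' -b 10 test.ping 

# run on 25% at a time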
sudo salt -G 'os:Ubuntu' --batch-size 25% test.ping 
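
A regular-expression target is only as precise as its pattern. The sketch below is an added example, not part of the original tutorial: it assumes the -E matcher behaves like Python's re.match (anchored at the start of the minion ID only), uses constructed minion IDs, and shows how a character class written where an alternation was meant, or a missing end anchor, widens the set of minions a command reaches.

```python
import re

# Constructed minion IDs for illustration; none come from the tutorial's hosts.
MINION_IDS = [
    "assassin-production",
    "assassin-sandbox",
    "assassin-staging",
    "assassin-sandbox-old",
    "assassin-x",
    "web-assassin-production",
]


def pcre_targets(pattern, minion_ids=MINION_IDS):
    """Return the IDs a -E target would select.

    Assumption: the matcher is re.match(pattern, minion_id), so the pattern
    is anchored at the start of the ID but not at the end.
    """
    compiled = re.compile(pattern)
    return [mid for mid in minion_ids if compiled.match(mid)]


def lint_target(pattern):
    """Flag two pattern mistakes that silently over-match."""
    findings = []
    # Inside [...] the '|' is a literal character, so [foo|bar] matches ONE
    # character out of f, o, |, b, a, r instead of the word foo or bar.
    for char_class in re.findall(r"\[([^\]]*)\]", pattern):
        if "|" in char_class:
            findings.append("'|' inside [%s]: use (a|b) for alternation" % char_class)
    # Without an end anchor, any ID that merely starts with the pattern matches.
    if not pattern.endswith(("$", r"\Z")):
        findings.append("no end anchor: longer IDs with this prefix also match")
    return findings


def review(pattern, intended):
    """Compare what a pattern selects with what the operator intended."""
    selected = pcre_targets(pattern)
    return {
        "selected": selected,
        "unintended": [mid for mid in selected if mid not in intended],
        "findings": lint_target(pattern),
    }


if __name__ == "__main__":
    intended = {"assassin-production", "assassin-sandbox"}
    for pat in (
        "assassin-[production|sandbox]",   # character class: over-matches
        "assassin-(production|sandbox)",   # alternation, but open-ended
        "assassin-(production|sandbox)$",  # alternation, anchored
    ):
        result = review(pat, intended)
        print(pat)
        print("  selected  :", result["selected"])
        print("  unintended:", result["unintended"])
        for finding in result["findings"]:
            print("  warning   :", finding)
```

Running the same pattern with test.ping first, before any state or cmd.run call, shows the real match set on a live master.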

Master and Minion authentication

14.1 Copying a file to the client

[[email protected] ~]# salt 'nb1' cp.get_file salt://apache.sls /tmp/cp.txt
nb1:
    /tmp/cp.txt
[[email protected] ~]#

[[email protected] ~]# cat /tmp/cp.txt 
apache-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
[[email protected] ~]# 

Operations on management Targets: Modules

  • View the list of all modules
sudo salt "cn1" sys.list_modules  
cn1: 
  - aliases 
  - alternatives 
  - archive 
  - artifactory 
... 
  • View all functions of a specified module
➜ pillar git:(master) ✗ sudo salt "cn1" sys.list_functions cmd 
cn1: 
  - cmd.exec_code 
  - cmd.exec_code_all 
  - cmd.has_exec 
  - cmd.powershell 
  - cmd.retcode 
  - cmd.run 
  - cmd.run_all 
  - cmd.run_bg 
  - cmd.run_chroot 
  - cmd.run_stderr 
  - cmd.run_stdout 
  - cmd.script 
  …
  • View the usage of a specified module
➜ pillar git:(master) ✗ sudo salt "cn1" sys.doc cmd 
cmd.exec_code: 

  Pass in two strings, the first naming the executable language, aka - 
  python2, python3, ruby, perl, lua, etc. the second string containing 
  the code you wish to execute. The stdout will be returned. 

  CLI Example: 

  salt '*' cmd.exec_code ruby 'puts "cheese"' 

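When a minion starts for the first time, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (this path is set in /etc/salt/minion) and then sends minion.pub to the master. Once the master has received the minion's public key, it accepts the key with the salt-key command; the public key, named after the minion id, is then stored under /etc/salt/pki/master/minions on the master, and the master can send commands to the minion.
The authentication commands are as follows:

14.2 Copying a directory to the client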

[[email protected] ~]# salt 'nb1' cp.get_dir salt://test /tmp
nb1:
    - /tmp/test/1.sh
    - /tmp/test/123/newDir/a
[[email protected] ~]# 

[[email protected] ~]# ll /tmp/test/
total 4
drwxr-xr-x 3 root root  20 Aug 21 03:02 123
-rw-r--r-- 1 root root 126 Aug 21 03:02 1.sh
[[email protected] ~]#

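Configuration management: States

Salt states are an extension of salt modules. The state system used by the main system is called the SLS system; SLS stands for Saltstack State. States are the configuration language of Saltstack, and day-to-day configuration management involves writing a large number of states files. For example, we may need to install a package, then manage a configuration file, and finally make sure a service is running normally. For this we write states sls files that describe and implement what we want.

[root@10.252.137.14 ~]# salt-key -L    # view the current key signing status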
Accepted Keys:
Unaccepted Keys:
10.252.137.141
Rejected Keys:
[root@10.252.137.14 ~]# salt-key -A -y   # accept all keys that have not yet been accepted
The following keys are going to be accepted:
Unaccepted Keys:
10.252.137.141
Key for minion 10.252.137.141 accepted.
[root@10.252.137.14 ~]# salt-key -L
Accepted Keys:
10.252.137.141
Unaccepted Keys:
Rejected Keys:

14.3 Showing live clients

[[email protected] ~]# salt-run manage.up
- nb0
- nb1
- nb2
[[email protected] ~]# 

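Viewing detailed usage of state modules

# 1. list all states
sudo salt 'cn1' sys.list_state_modules

# 2. list all functions of a specified state
sudo salt 'cn1' sys.list_state_functions cmd

# 3. view the usage of a specified state
sudo salt 'cn1' sys.state_doc cmd

# 4. view the usage of a specified function of a specified state
sudo salt 'cn1' sys.state_doc cmd.run

SaltStack remote execution

14.4 Running a server-side script from the command line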

[[email protected] ~]# vim /srv/salt/test/shell.sh
[[email protected] ~]# cat /srv/salt/test/shell.sh
#! /bin/bash
echo "hadron.cn" > /tmp/shell.txt
[[email protected] ~]# 

[[email protected] ~]# salt 'nb2' cmd.script salt://test/shell.sh
nb2:
    ----------
    pid:
        86257
    retcode:
        0
    stderr:
    stdout:
[[email protected] ~]# 

[[email protected] ~]# cat /tmp/shell.txt 
hadron.cn
[[email protected] ~]# 

Salt state tree

# configure file_roots in /etc/salt/master
file_roots: 
  base: 
  - /srv/salt 
[root@10.252.137.14 ~]# salt '*' test.ping
10.252.137.141:
True
[root@10.252.137.14 ~]# salt '*' cmd.run 'ls -al'
10.252.137.141:
total 40
drwx------  4 root root 4096 Sep  7 15:01 .
drwxr-xr-x 22 root root 4096 Sep  3 22:10 ..
-rw-------  1 root root  501 Sep  7 14:49 .bash_history
-rw-r--r--  1 root root 3106 Feb 20  2014 .bashrc
drwx------  2 root root 4096 Jan 30  2015 .cache
drwxr-xr-x  2 root root 4096 Apr 22 13:57 .pip
-rw-r--r--  1 root root  140 Feb 20  2014 .profile
-rw-r--r--  1 root root   64 Apr 22 13:57 .pydistutils.cfg
-rw-------  1 root root 4256 Sep  7 15:01 .viminfo

15. Problems

 [[email protected] ~]# salt-master start
[ERROR   ] An extra return was detected from minion nb1, please verify the minion, this could be a replay attack
[ERROR   ] An extra return was detected from minion nb1, please verify the minion, this could be a replay attack

Running a command once returns duplicate results

 [[email protected] ~]# salt '*' cmd.run   'df -h'
nb1:
    Filesystem           Size  Used Avail Use% Mounted on
    /dev/mapper/cl-root   48G  4.3G   44G   9% /
    devtmpfs             3.9G     0  3.9G   0% /dev
    tmpfs                3.9G   24K  3.9G   1% /dev/shm
    tmpfs                3.9G  385M  3.5G  10% /run
    tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
    /dev/sda1           1014M  139M  876M  14% /boot
    /dev/mapper/cl-home   24G   33M   24G   1% /home
    tmpfs                781M     0  781M   0% /run/user/0
nb1:
    Filesystem           Size  Used Avail Use% Mounted on
    /dev/mapper/cl-root   48G  4.3G   44G   9% /
    devtmpfs             3.9G     0  3.9G   0% /dev
    tmpfs                3.9G   24K  3.9G   1% /dev/shm
    tmpfs                3.9G  385M  3.5G  10% /run
    tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
    /dev/sda1           1014M  139M  876M  14% /boot
    /dev/mapper/cl-home   24G   33M   24G   1% /home
    tmpfs                781M     0  781M   0% /run/user/0
nb0:
    Filesystem           Size  Used Avail Use% Mounted on
    /dev/mapper/cl-root   48G   27G   22G  55% /
    devtmpfs             3.9G     0  3.9G   0% /dev
    tmpfs                3.9G   16K  3.9G   1% /dev/shm
    tmpfs                3.9G  394M  3.5G  11% /run
    tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
    /dev/sda1           1014M  139M  876M  14% /boot
    /dev/mapper/cl-home   24G   33M   24G   1% /home
    tmpfs                781M     0  781M   0% /run/user/0
    /dev/loop0           7.8G  7.8G     0 100% /var/ftp/iso-home
[[email protected] ~]#

The cause of the problem is that salt-minion was started again on the node2 node

 [[email protected] ~]# salt-minion start
^C[WARNING ] Stopping the Salt Minion
[WARNING ] Exiting on Ctrl-c
[[email protected] ~]# 

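Press Ctrl+C to terminate the first salt-minion run and the problem goes away.

The Salt state top file

top.sls is the entry file of the state system; in large-scale configuration management it specifies which machines call which states sls files. top.sls is the default sls file for salt state: unless told otherwise, salt state calls top.sls by default. For example:

sudo salt 'cn1' state.highstate

top.sls must be created manually; it lives in /srv/salt, the directory defined by the salt state tree.

The format of a salt command is as follows:

Debugging Salt

# enable debug logging
salt-minion -l debug

# set a timeout
salt '*' state.highstate -t 60
salt '<target>' <function> [arguments]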

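A short example

cat top.sls
base:                       # matches the base directory configuration of the state tree
  '*':                        # matches minions
    - webserver         # runs webserver.sls, or webserver/init.sls, under the base directory

cat webserver.sls
apache:                   # ID declaration; same as the name given to yum install apache
  pkg:                      # state declaration: which state to apply; pkg uses the system's native package manager
    - installed           # function declaration: the function this sls file runs
  service:                # manages system daemons
    - running
    - require:
      - pkg: apache

# update the state of all minions
sudo salt "*" state.highstate

Note: this installs apache on all minions.

You can also skip top.sls and run a specified sls file directly
sudo salt 'cn1' state.sls webserver

Or use the apply function; apply decides whether to call state.highstate or state.sls based on the arguments that follow
sudo salt 'cn1' state.apply webserver

target: the target the salt command runs against; regular expressions can be used

A simple extension

Adding configuration files and users
Deploying a service such as apache also requires other content, for example apache's configuration file and the user and group that run the apache service.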

# directory layout:
ls /srv/salt/apache
init.sls
httpd.conf

cat init.sls
apache:
  pkg:
    - installed
  service:
    - running
    - watch:
      - pkg: apache
      - file: /etc/httpd/conf/httpd.conf
      - user: apache
  user.present:
    - uid: 87
    - gid: 87
    - home: /var/www/html
    - shell: /bin/nologin
    - require:
      - group: apache
  group.present:
    - gid: 87
    - require:
      - pkg: apache
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/httpd.conf
    - user: root
    - group: root
    - mode: 644

function: the method, provided by a module

Custom modules

According to the official site, custom modules belong in the /srv/salt/_modules/ directory. They can be synced to the minions in the following ways:

state.apply
saltutil.sync_modules
saltutil.sync_all

Example:

# -*- coding: utf-8 -*-

def test():
    return 'this is a test'

def get_target():
    # read the 'target' grain of the minion
    return __grains__['target']

def get_domain(service):
    # look up the service's domain in pillar
    dom = __pillar__[service]['domain']
    return dom

def deploy(service, version):
    target = get_target()
    domain = get_domain(service)
    # build the gover command line from the arguments
    cmd = "gover -s " + service + " -t " + target + " -v " + str(version) + " -d " + domain
    return __salt__['cmd.run'](cmd)
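
The deploy function above joins its arguments into one command string, so a value containing shell metacharacters changes what runs on the minion. The following added example (not the author's module) contrasts that string building with an argument list checked against allow-lists; the allow-list patterns and the helper names build_deploy_argv and shell_operators are assumptions made for this illustration, and gover is the page's own tool with its flags taken as shown.

```python
import re
import shlex

# Allow-lists for each argument. The exact character sets are assumptions for
# this example; tighten them to whatever your service names really look like.
# Every pattern requires a leading letter or digit, so a value can never be
# read as an extra option such as "-x".
SERVICE_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")
VERSION_RE = re.compile(r"[0-9]+(\.[0-9]+){0,3}")
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def unsafe_cmd(service, target, version, domain):
    """String concatenation as in the module above; a shell parses the result."""
    return ("gover -s " + service + " -t " + target +
            " -v " + str(version) + " -d " + domain)


def shell_operators(cmd):
    """Return the shell control operators present in a command string."""
    lexer = shlex.shlex(cmd, punctuation_chars=True)
    return [tok for tok in lexer if tok[0] in "();<>|&"]


def _checked(name, value, pattern):
    value = str(value)
    # fullmatch: the whole value must fit the pattern, trailing newline included.
    if not pattern.fullmatch(value):
        raise ValueError("rejected %s argument: %r" % (name, value))
    return value


def build_deploy_argv(service, target, version, domain):
    """Build the command as a list so no shell ever re-parses the values."""
    return [
        "gover",
        "-s", _checked("service", service, SERVICE_RE),
        "-t", _checked("target", target, HOST_RE),
        "-v", _checked("version", version, VERSION_RE),
        "-d", _checked("domain", domain, HOST_RE),
    ]


if __name__ == "__main__":
    # Constructed inputs: a normal call and one with a shell metacharacter.
    good = ("web", "t1", "1.0", "example.com")
    bad = ("web", "t1", "1.0; echo injected", "example.com")

    print("operators in normal string :", shell_operators(unsafe_cmd(*good)))
    print("operators in tainted string:", shell_operators(unsafe_cmd(*bad)))
    print("validated argv             :", build_deploy_argv(*good))
    try:
        build_deploy_argv(*bad)
    except ValueError as exc:
        print("validation                 :", exc)
```

In the module itself the validated values replace the concatenated string, and calling cmd.run with python_shell=False keeps a shell out of the path.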

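arguments: the function's arguments

target can be any of the following:

  1. Regular expression

    salt -E 'Minion*' test.ping # hostnames starting with Minion

  2. List matching

    salt -L Minion,Minion1 test.ping

  3. Grains matching

    salt -G 'os:CentOS' test.ping

os:CentOS (exists by default) is a Grains key/value pair. The data is stored as YAML on the minion and can be edited directly on the minion in /etc/salt/grains, in YAML format. Alternatively, run salt '*' grains.setval key "{'sub-key': 'val', 'sub-key2': 'val2'}" on the master; for details see the documentation (run salt * sys.doc grains to view it).

  4. Nodegroup matching

    salt -N groups test.ping

For example, create /etc/salt/master.d/nodegroups.conf on the master, in YAML format

  5. Compound matching

    salt -C 'G@os:CentOS or L@Minion' test.ping

  6. Pillar value matching

    salt -I 'key:value' test.ping

pillar_roots is set in /etc/salt/master; the data is stored as YAML on the Master

  7. CIDR matching

    salt -S '10.252.137.0/24' test.ping

10.252.137.0/24 is a specified CIDR network segment

function is a method provided by a module

All functions can be viewed with the following command:
salt '10.252.137.141' sys.doc cmd

function can accept arguments:

salt '10.252.137.141' cmd.run 'uname -a'

It also supports keyword arguments:

On all minions, change to the / directory and run uname -a as the salt user.
salt '10.252.137.141' cmd.run 'uname -a' cwd=/ user=salt

SaltStack configuration management

states files

The core of salt states is the sls file, which uses YAML syntax to define key/value data.

The root path for sls files is defined in the master configuration file and defaults to /srv/salt; this directory does not exist on the operating system and must be created manually.

In salt, salt:// can stand for the root path; for example, salt://top.sls refers to /srv/salt/top.sls.

The top file for states is also defined in the master configuration file and defaults to top.sls; it is the entry file for states.

A simple sls file looks like this: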

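apache:
  pkg:
    - installed
  service:
    - running
    - require:
      - pkg: apache

Explanation: this SLS data ensures that the package named "apache" is installed and that the "apache" service is running.

  • Line 1 is the ID declaration. The ID declaration names the thing to be managed.
  • Lines 2 and 4 are state declarations; they use the pkg and service states respectively. The pkg state manages key packages through the system's package manager, and the service state manages system services (daemons). Under the pkg and service entries are the functions to run. A function defines what should happen to the package and the service: here the package should be installed and the service should be running.
  • Line 6 uses require. This is called a requisite statement; it declares that the apache service is started only once the apache package has been installed successfully.

A state and its function can be joined with a dot; the sls file above and the one below mean the same thing.

apache:
  pkg.installed: []
  service.running:
    - require:
      - pkg: apache

Save the sls above as init.sls and place it in the salt://apache directory; the result looks like this: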

/srv/salt
├── apache
│   └── init.sls
└── top.sls

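How is top.sls defined?

The master configuration file defines several environments; each environment can define multiple directories, but conflicts must be avoided. They are as follows: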

# file_roots:
#   base:
#     - /srv/salt/
#   dev:
#     - /srv/salt/dev/services
#     - /srv/salt/dev/states
#   prod:
#     - /srv/salt/prod/services
#     - /srv/salt/prod/states

top.sls can be defined like this:

base:
  '*':
   - apache

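Explanation:

Line 1 declares that the base environment is used.

Line 2 defines the target; here it matches everything.

Line 3 declares which states directory to use; salt looks for the init.sls file in each directory.

Running states

Once the states are created and top.sls is modified, you can run the following command on the master: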

[root@10.252.137.14 ~]# salt '*' state.highstate
sk2:
----------
State: - pkg
Name:      httpd
Function:  installed
Result:    True
Comment:   The following packages were installed/updated: httpd.
Changes:
----------
httpd:
----------
new:
2.2.15-29.el6.centos
old:
----------
State: - service
Name:      httpd
Function:  running
Result:    True
Comment:   Service httpd has been enabled, and is running
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 2
Failed:    0
------------
Total:     2

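The command above triggers all minions to download top.sls and the states it defines from the master, then compile and execute them. When execution finishes, each minion reports a summary of the results back to the master.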
