Saltstack
一. 安装配置
a. 环境准备
服务端:192.168.1.24 oldboy 客户端:192.168.1.147 oldgirl 客户端:192.168.1.119 olddog 官方文档:https://docs.saltstack.com/en/latest/ 赵班长:https://github.com/unixhot/ #CentOS7 安装 yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm -y #CentOS6 安装 https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm
b. 服务端安装
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
#注意:上面是明文 HTTP 下载,传输过程中可能被篡改;epel-release 会写入仓库和 GPG 密钥配置,建议通过 HTTPS 获取并核对签名/校验和后再安装
rpm -qa | grep salt
yum install -y salt-master
service salt-master start
chkconfig salt-master on
vim /etc/salt/master
c. 客户端安装
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
#注意:上面是明文 HTTP 下载,建议通过 HTTPS 获取并核对签名/校验和后再安装
yum -y install salt-minion
vim /etc/salt/minion
master: 192.168.1.24
service salt-minion start
chkconfig salt-minion on
d. 服务端增加客户端
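salt-key
salt-key -L          #两个都是查看
salt-key -A          #增加所有
salt-key -a olddog   #把olddog、oldgirl加入通信
salt-key -a oldgirl
salt-key -D .        #删除所有
salt-key -d olddog   #删除某个minion(按minion_id指定)
#安全提示:salt-key -A 会不加区分地接受所有待认证的密钥,被接受的 minion 就能接收 master 下发的状态和 pillar 数据。
#生产环境建议先在 master 上用 salt-key -f olddog 查看该密钥的指纹,与 minion 上 salt-call --local key.finger 的输出核对一致后,再用 -a 逐个接受。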
e. salt的常用命令
salt '*' test.ping                    #ping服务器
salt '*' cmd.run 'echo Hello world!'  #输出Hello world
salt '*' cmd.run 'df -h'              #查看磁盘
salt 'old*' cmd.run 'w'
salt '*' pkg.install httpd            #远程命令安装httpd
salt '*' service.stop httpd           #命令关闭服务
salt '*' service.available sshd       #查看服务是否开启(注:该函数返回的是系统中是否存在该服务,运行状态需用 service.status 查看)
f. 匹配minion_id(IP和子网不是匹配minion_id)
salt -L 'olddog,oldgirl' test.ping #列表方式匹配 salt -E 'old(dog|girl)' test.ping #正则方式匹配 salt 'old*' cmd.run 'w' #以通配符匹配 salt -S 172.16.77.100 test.ping #以IP地址匹配 salt -S 172.16.77.0/24 test.ping #以子网方式匹配
二 模块
a. service模块
service.running #确保服务处于运行状态,如果没有运行就启动 service.enabled #确保服务开机自动启动 service.disabled #确保服务开机不自动启动 service.dead #确保服务当前没有运行,如果运行就停止 service.available #查看服务是否开启 salt 'oldboy' service.available sshd #查看sshd服务是否开启 salt 'oldboy' service.get_all #显示所有启动的服务
b. state模块
salt '*' state.show_top #查看top.sls指定的模块
c. return模块
#minion:
yum -y install MySQL-python mysql
vim /etc/salt/minion
mysql.host: '192.168.8.130'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
/etc/init.d/salt-minion restart

#master:
yum -y install mysql-server MySQL-python
/etc/init.d/mysqld start
vim /etc/salt/master
master_job_cache: mysql
mysql.host: '192.168.8.130'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
/etc/init.d/salt-master restart
/etc/init.d/salt-minion restart

mysql    #连接Mysql创建数据库和表
CREATE DATABASE `salt` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
USE `salt`;
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE INDEX jid ON jids(jid) USING BTREE;
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `tag` varchar(255) NOT NULL,
  `data` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  `master_id` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
grant all on salt.* to salt@'%'identified by 'salt';    #确定客户机能连上mysql
flush privileges;

salt '*' test.ping --return mysql    #将过程结果返回mysql
mysql
use salt
select * from salt_returns;    #查看

#安全提示:
#1. 示例中的数据库密码 'salt' 与用户名相同,仅用于演示,实际部署时应换成强密码。
#2. salt@'%' 允许任意主机用该账号连接,应把 '%' 换成 minion/master 所在的网段或具体主机,并按实际需要收紧权限,而不是 grant all。
#3. 数据库账号以明文写在每台 minion 的 /etc/salt/minion 中,任何一台 minion 被攻破都能读写全部返回数据;若只使用 master_job_cache,由 master 写库,minion 上就不必保存数据库账号。
d. pkg模块
pkg.installed #确保软件安装,如果没有安装就安装。 pkg.latest #确保软件包是最新版本,如果不是,进行升级 pkg.remove #确保软件包已卸载,如果之前已安装,进行卸载 pkg.purge #除remove外,也会删除其配置文件
e. file模块
file.managed   #保证文件存在并且为对应的状态
file.recurse   #保证目录存在并且为对应状态
file.absent    #确保文件不存在,如果存在就删除
f. requisites模块
require      #我依赖某个状态
require_in   #我被某个状态依赖
watch        #我关注某个状态
watch_in     #我被某个状态关注
三. 数据系统Grains
salt '*' grains.ls #列出所有查询的目标 salt '*' grains.items #查看所有item和值 salt '*' grains.get ip4_interfaces:eth0 #查看eth0的Ip salt '*' grains.get saltversion #查看salt的版本 salt '*' grains.get os #查看操作系统
a. example
客户机oldgirl上执行:
vim /etc/salt/grains
cloud: openstack
/etc/init.d/salt-minion restart
服务器上执行:
salt 'oldgirl' grains.get cloud
salt -G cloud:openstack cmd.run 'uptime'  #执行有cloud:openstack的服务器
salt -G os:CentOS cmd.run 'uptime'        #执行所有系统是CentOS的服务器
注意:grains 由 minion 自己上报(如上面在客户机上编辑 /etc/salt/grains),master 无法验证其真实性;不要仅凭 -G 匹配来下发敏感命令或 pillar 数据,这类场景应按 minion_id 匹配。
四 pillar的介绍
vim /etc/salt/master pillar_roots: base: - /srv/pillar #定义目录 state_top: top.sls #定义top mkdir -p /srv/pillar cd /srv/pillar vim packages.sls {% if grains['os'] == 'CentOS' %} apache: httpd git: git {% elif grains['os'] == 'Debian' %} apache: apache2 git: git-core {% endif %} vim top.sls base: '*': - packages salt '*' saltutil.refresh_pillar #刷新所有客户端的缓存 salt '*' pillar.get git #查看上面定义的git salt '*' pillar.get apache #查看上面定义的apache
五 自定义组配置文件
cd /etc/salt/ mkdir master.d && cd master.d/ vim nodegroups.conf nodegroups: web-cluster: 'old*' #定义组,组里面增加主机,可以写多个组 salt -N web-cluster test.ping #根据定义的组执行命令 salt -N web-cluster -b 20% service.start httpd #每次重启20%的主机,直到重启完
六 上传文件
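vim /etc/salt/master
# file_roots:
#   base:
#     - /srv/salt/    #上传文件的目录
#state_top: top.sls   #定义top
cd /srv/salt/ && mv /etc/hosts .
#注意:mv 会把 master 自身的 /etc/hosts 移走,如果只是想分发一份副本,应使用 cp
salt '*' cp.get_file salt://hosts /mnt/hosts    #把hosts文件上传到其它服务器上
salt-cp '*' /tmp/hosts /tmp/                    #上传其它目录下的文件用salt-cp
#注意:file_roots 目录下的文件可被所有已接受密钥的 minion 通过 salt:// 获取,不要在其中存放密码、私钥等敏感内容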
七. YAML用法
mkdir /scripts && cd /scripts
vim test.yaml
- penyao
- oldboy
vim parse_yaml.py
#!/usr/bin/env python
import yaml
import sys
fd = open(sys.argv[1])
print yaml.load(fd)
#ls parse_yaml.py test.yaml
#chmod +x parse_yaml.py
# ./parse_yaml.py test.yaml
['penyao', 'oldboy']
说明:yaml.load 在不指定安全 Loader 时可以按 YAML 标签构造任意 Python 对象,解析不可信的 YAML 文件可能导致代码执行;解析来源不受控的文件时应改用 yaml.safe_load(fd)。