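SaltStack Study Notes (3): Remote Execution and Return
I. SaltStack Remote Execution
When we run a remote command with salt, for example salt '*' cmd.run "df -h", how is the command structured? It has three parts: the target ('*'), the module and function (cmd.run), and the function's arguments ("df -h").
1.1 Target
Docs: https://docs.saltstack.com/en/latest/topics/tutorials/modules.html#target
1) Glob (wildcard) matching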
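[root@master ~]# salt '*' test.ping                              # all minions
[root@master ~]# salt 'salt1-minion.example.com' test.ping      # one exact minion ID
[root@master ~]# salt 'salt1*' test.ping                        # IDs starting with salt1
# [...] is a character class, so list the characters directly; a '|' inside it would be matched literally
[root@master ~]# salt 'salt[12]*' test.ping                     # salt1... or salt2...
[root@master ~]# salt 'salt?-minion.example.com' test.ping      # ? matches exactly one character
[root@master ~]# salt 'salt[!12]-minion.example.com' test.ping  # any one character except 1 or 2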
2) List matching
[root@master ~]# salt -L 'salt-minion1-c7,salt-minion2-c7' test.ping
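3) Regular expression matching
# The expression is anchored only at the start of the minion ID.
# Use '.*' after the group: a bare '*' would make the group optional and match every ID starting with "salt".
[root@salt0-master ~]# salt -E 'salt(1|2|3|4).*' test.ping
[root@salt0-master ~]# salt -E 'salt(1|2|3|4)-minion.example.com' test.ping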
4) IP matching
[root@salt-master pillar]# salt -S '10.0.0.21' test.ping      # single address
[root@salt-master pillar]# salt -S '10.0.0.0/24' test.ping    # CIDR subnet
5) Node group matching
[root@salt-master ~]# vim /etc/salt/master
nodegroups:
  # Node groups are compound expressions, so a comma-separated list of IDs needs the L@ prefix
  webserver: 'L@salt-minion1-c7,salt-minion2-c7'
  dbserver: 'L@salt-minion3-c7,salt-minion2-c7 or salt-minion4*'
  ftpserver: 'G@os:centos and salt-minion1-c7'
[root@salt-master ~]# systemctl restart salt-master.service
[root@salt-master ~]# salt -N 'webserver' test.ping
6) Grains matching
[root@salt-master ~]# salt -G 'os:centos' test.ping
[root@salt-master ~]# salt -G 'fqdn_ip4:10.0.0.21' test.ping
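A target that is broader than intended runs the command on hosts you did not mean to touch, so it is worth checking what an expression selects before using it with a module that changes state. The following is an added example, not code from the original post or from Salt itself: it approximates the glob, list, regex and IP matchers with Python's standard library. The preview function and the minion inventory are assumptions constructed for illustration.

```python
import fnmatch
import ipaddress
import re

# Constructed inventory: minion ID -> IPv4 address (not a real environment).
MINIONS = {
    "salt1-minion.example.com": "10.0.0.21",
    "salt2-minion.example.com": "10.0.0.22",
    "salt5-minion.example.com": "10.0.0.25",
    "salt-master.example.com": "10.0.1.11",
}

def preview(kind, expr, minions=MINIONS):
    """Return the sorted minion IDs that a target expression would select."""
    if kind == "glob":      # default matcher: shell-style wildcard on the whole ID
        hit = lambda mid, ip: fnmatch.fnmatchcase(mid, expr)
    elif kind == "list":    # -L: exact IDs separated by commas
        wanted = {part.strip() for part in expr.split(",")}
        hit = lambda mid, ip: mid in wanted
    elif kind == "pcre":    # -E: regex anchored at the start of the ID only
        rx = re.compile(expr)
        hit = lambda mid, ip: rx.match(mid) is not None
    elif kind == "ipcidr":  # -S: single address or CIDR subnet
        net = ipaddress.ip_network(expr, strict=False)
        hit = lambda mid, ip: ipaddress.ip_address(ip) in net
    else:
        raise ValueError("unknown matcher: " + kind)
    return sorted(mid for mid, ip in minions.items() if hit(mid, ip))

if __name__ == "__main__":
    checks = [
        ("pcre", "salt(1|2|3|4)*"),   # '*' repeats the group zero or more times
        ("pcre", "salt(1|2|3|4).*"),  # the group is now required
        ("glob", "salt[12]*"),
        ("ipcidr", "10.0.0.0/24"),
    ]
    for kind, expr in checks:
        print(kind, repr(expr), "->", preview(kind, expr))
```

The first check selects all four constructed IDs, including the master's own host name, while the second selects only salt1 and salt2.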
1.2 Remote execution modules
Documentation for all execution modules: https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules
1.2.1 pkg module
The installation method is chosen according to the operating system (for example, CentOS uses yum by default and Debian uses apt-get).
[root@salt-master ~]# salt '*' pkg.install httpd
[root@salt-master ~]# salt '*' pkg.install httpd reinstall=True    # reinstall
[root@salt-master ~]# salt '*' pkg.remove httpd
[root@salt-master ~]# salt '*' pkg.latest_version httpd            # show the latest version
# View the module's help
salt '*' pkg
1.2.2 file module
Docs: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html
[root@salt-master ~]# salt '*' file.stats /etc/passwd                  # show file status
[root@salt-master ~]# salt '*' file.touch "/tmp/test"                  # create a file
[root@salt-master ~]# salt '*' file.symlink /tmp/test /tmp/a           # create a symbolic link, a ==> test
[root@salt-master ~]# salt '*' file.rename /path/to/src /path/to/dst   # rename a file
[root@salt-master ~]# salt '*' file.chown /etc/passwd root root        # set owner and group
[root@salt-master ~]# salt '*' file.copy /path/to/src /path/to/dst
[root@salt-master ~]# salt '*' file.mkdir /opt/jetty/context           # create a directory
[root@salt-master ~]# salt '*' file.move /path/to/src /path/to/dst     # move a file or directory
# View the module's help
salt '*' file
1.2.3 service module
salt '*' service.disabled <service name>
salt '*' service.enable <service name>
salt '*' service.enabled <service name>
salt '*' service.missing sshd
salt '*' service.reload <service name>
salt '*' service.restart <service name>
salt '*' service.start <service name>
salt '*' service.status <service name> [service signature]
salt '*' service.stop <service name>
II. Return
2.1 Introduction
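The Return component can be understood as the part of SaltStack that stores the data returned by Minion executions, or passes it on to other programs. It supports several storage backends, such as MySQL, MongoDB, Redis and Memcache. With Return, every SaltStack operation can be recorded, which provides a data source for later log auditing.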
2.2 Configuring return
Docs: https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html
1) Configure the MariaDB database
# Install the packages and start the service
[root@salt-master ~]# yum install mariadb-server mariadb MySQL-python -y    # MySQL-python is required
[root@salt-master ~]# systemctl enable mariadb
[root@salt-master ~]# systemctl start mariadb

# Create the user for remote connections
# ('%' accepts logins from any host, and this password is stored in every minion's config file;
#  outside a lab, limit the host part to the minion network and grant only the privileges the returner needs)
MariaDB [(none)]> grant all on salt.* to salt@'%' identified by 'salt@Pass';

# Create the database and tables
CREATE DATABASE `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE INDEX jid ON jids(jid) USING BTREE;

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `tag` varchar(255) NOT NULL,
  `data` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  `master_id` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
2) On the minion
[root@salt-minion1-c7 ~]# yum install MySQL-python -y
[root@salt-minion1-c7 ~]# vim /etc/salt/minion
#return: mysql
mysql.host: '10.0.0.11'
mysql.user: 'salt'
mysql.pass: 'salt@Pass'
mysql.db: 'salt'
mysql.port: 3306
[root@salt-minion1-c7 ~]# systemctl restart salt-minion.service
3) Test from the master
[root@salt-master ~]# salt 'salt-minion1-c7' test.ping --return mysql

# Log in to MySQL and check
MariaDB [salt]> select * from salt_returns\G
*************************** 1. row ***************************
       fun: test.ping
       jid: 20190831143343957298
    return: true
        id: salt-minion1-c7
   success: 1
  full_ret: {"fun_args": [], "jid": "20190831143343957298", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "salt-minion1-c7"}
alter_time: 2019-08-31 14:33:44
1 row in set (0.00 sec)
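Since the stated purpose of the returner is to feed later log audits, here is an added example (not from the original post) of a review pass over salt_returns rows that flags shell-command jobs and failed jobs from the full_ret JSON. It uses an in-memory SQLite table as a stand-in for MariaDB with only the columns the audit reads; the audit function, the watched prefix and every row except the test.ping one shown above are constructed assumptions.

```python
import json
import sqlite3

# Constructed rows in the salt_returns layout; the first mirrors the row shown above.
ROWS = [
    ("test.ping", "20190831143343957298", "salt-minion1-c7",
     {"fun_args": [], "retcode": 0, "success": True}),
    ("cmd.run", "20190831150102000001", "salt-minion1-c7",
     {"fun_args": ["df -h"], "retcode": 0, "success": True}),
    ("pkg.install", "20190831150520000002", "salt-minion2-c7",
     {"fun_args": ["httpd"], "retcode": 1, "success": False}),
]

def load(rows):
    """Build an in-memory table holding the columns the audit reads."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE salt_returns (fun TEXT, jid TEXT, id TEXT, full_ret TEXT)")
    for fun, jid, mid, extra in rows:
        full = dict(extra, fun=fun, jid=jid, id=mid)
        db.execute("INSERT INTO salt_returns VALUES (?, ?, ?, ?)",
                   (fun, jid, mid, json.dumps(full)))
    return db

def audit(db, watched=("cmd.",)):
    """Return (jid, minion, fun, args, reason) for jobs a reviewer should look at."""
    findings = []
    query = "SELECT jid, id, fun, full_ret FROM salt_returns ORDER BY jid"
    for jid, mid, fun, full_ret in db.execute(query):
        ret = json.loads(full_ret)
        args = ret.get("fun_args", [])
        if fun.startswith(tuple(watched)):
            findings.append((jid, mid, fun, args, "shell command module"))
        if ret.get("retcode", 0) != 0 or not ret.get("success", True):
            findings.append((jid, mid, fun, args, "job failed"))
    return findings

if __name__ == "__main__":
    for finding in audit(load(ROWS)):
        print(finding)
```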
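III. Using salt-ssh
salt-ssh can also run commands remotely, with no minion installed on the target.
3.1 Password authentication
1) Install salt-ssh on the master
[root@salt-master ~]# yum install salt-ssh -y
2) Edit the roster file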
[root@salt-master ~]# cat /etc/salt/roster
# Sample salt-ssh config file
#web1:
#  host: 192.168.42.1 # The IP addr or DNS hostname
#  user: fred         # Remote executions will be executed as user fred
#  passwd: foobarbaz  # The password to use for login, if omitted, keys are used
#  sudo: True         # Whether to sudo to root, not enabled by default
#web2:
#  host: 192.168.42.2
salt-minion1-c7:
  host: 10.0.0.21
  user: root
  passwd: 123456
  port: 22
salt-minion2-c7:
  host: 10.0.0.22
  user: root
  passwd: 123456
  port: 22
salt-minion4-c6:
  host: 10.0.0.24
  user: root
  passwd: 123456
  port: 22
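3) Test
# -i skips the host key prompt; alternatively, edit .ssh/config and add StrictHostKeyChecking no
# (both accept unknown host keys without verification)
[root@salt-master ~]# salt-ssh '*' test.ping -i
[root@salt-master ~]# salt-ssh '*' -r 'uptime'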
3.2 Key authentication
[root@salt-master ~]# vim /etc/salt/roster
[root@salt-master ~]# cat /etc/salt/roster
salt-minion1-c7:
  host: 10.0.0.21
  user: root
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa    # the master's key
  port: 22

# Run a test; the first time, the public key has to be placed on the target server
[root@salt-master ~]# salt-ssh -H
/etc/salt/roster:
    ----------
    salt-minion1-c7:
        10.0.0.21
[root@salt-master ~]# salt-ssh '*' cmd.run 'df -h'
salt-minion1-c7:
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/sda2        48G  2.3G   46G   5% /
    devtmpfs        479M     0  479M   0% /dev
    tmpfs           489M   28K  489M   1% /dev/shm
    tmpfs           489M  6.7M  482M   2% /run
    tmpfs           489M     0  489M   0% /sys/fs/cgroup
    tmpfs            98M     0   98M   0% /run/user/0
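The password roster in 3.1 keeps root passwords in clear text on the master, while the key roster in 3.2 avoids that. The following added example (not from the original post, and not part of salt-ssh) lints a roster in the flat layout shown above and reports entries that still use passwd or log in directly as root; parse_roster, lint_roster, the deploy user and the sample roster text are constructed assumptions.

```python
import re

# Constructed roster in the layout shown above (sample credentials only).
ROSTER = """\
# Sample salt-ssh config file
salt-minion1-c7:
  host: 10.0.0.21
  user: root
  passwd: 123456
  port: 22
salt-minion2-c7:
  host: 10.0.0.22
  user: deploy
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa
  sudo: True
"""

def parse_roster(text):
    """Parse the flat two-level roster layout into {host_id: {key: value}}."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank or comment-only line
        if not line[0].isspace() and line.endswith(":"):
            current = hosts.setdefault(line[:-1], {})  # new host entry
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return hosts

def lint_roster(text):
    """Return sorted (host_id, finding) pairs for risky roster settings."""
    findings = []
    for host, opts in parse_roster(text).items():
        if "passwd" in opts:
            findings.append((host, "plaintext password; use priv with a key"))
        if opts.get("user") == "root":
            findings.append((host, "direct root login; use a normal user with sudo"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in lint_roster(ROSTER):
        print(host + ": " + finding)
```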