Saltstack使用(基础)
yum install salt-master
yum install salt-minion
端口:4505 salt 的消息发布专用端口(master 监听,minion 主动连接)
4506 客户端与服务器通信的端口(master 监听,minion 返回结果、请求文件)
这两个端口只需在 master 上对 minion 所在网段放行,不要暴露到公网。
/lib/systemd/system/salt-master //master 服务位置 可直接使用 systemctl start salt-master
salt-key
-a 接收指定的请求
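-A 接收全部的请求(会不加核对地信任所有待认证的 minion;生产环境建议先用 salt-key -F 查看指纹,与 minion 上 salt-call --local key.finger 的输出比对后,再用 -a 逐个接收)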
-d 删除指定的请求
-D 删除全部的请求
-p 打印指定请求的公钥
-P 打印全部请求的公钥
-r 拒绝指定的请求
-R 拒绝全部的请求
测试
[root@localhost salt]# salt "*" test.ping
xiaodidi:
True
zhuji2:
True
[root@localhost salt]# salt "*" cmd.run "df -h"
xiaodidi:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 462G 29G 433G 7% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 112K 3.9G 1% /dev/shm
tmpfs 3.9G 9.0M 3.9G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 197M 124M 74M 63% /boot
tmpfs 788M 4.0K 788M 1% /run/user/42
tmpfs 788M 16K 788M 1% /run/user/1000
tmpfs 788M 0 788M 0% /run/user/0
zhuji2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 50G 13G 38G 26% /
devtmpfs 473M 0 473M 0% /dev
tmpfs 489M 96K 489M 1% /dev/shm
tmpfs 489M 7.2M 482M 2% /run
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/sda1 1014M 173M 842M 18% /boot
/dev/mapper/cl-home 947G 4.5G 943G 1% /home
tmpfs 98M 16K 98M 1% /run/user/42
tmpfs 98M 0 98M 0% /run/user/0
/dev/sr0 4.1G 4.1G 0 100% /mnt
grains //数据系统
salt '*' grains.ls //列出所有的grains项目名称
salt "*" grains.items //列出所有的grains项目以及值
grains.get osrelease //获取agent的系统版本
vim /etc/salt/minion
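# Static custom grains, defined in /etc/salt/minion (indentation restored;
# the nesting under "grains:" is required for the minion to load them).
# Grains are reported by the minion itself, so treat them as descriptive
# labels only: do not rely on them alone to decide which minion receives
# sensitive data.
grains:
  my_server:
    - nginx
  env:
    - test
  cabinet: 13
  cab_pu: 14-15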
salt -G 'osrelease:7.3*' test.ping
-L list
-C (compound 混合)
salt -C 'E@centos7(2|3).* and G@osrelease:7.3*' test.ping
-N (groups)
vim /etc/salt/master
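# Node groups, defined in /etc/salt/master (indentation restored).
# Each value is a compound matcher: E@ is a regular expression on the
# minion ID, G@ is a glob match on a grain value.
nodegroups:
  group1: 'E@zhuji[0-9]'
  group2: 'G@osrelease:7.2*'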
salt -N 'group1' test.ping
salt '*' sys.list_functions grains 查看模块的功能
salt 'zhuji233' user.add xiaoming 添加用户
salt 'zhuji2' sys.doc user.add // 查看user.add 的用法
查看模块的用法
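shadow.set_passwd // 设置密码(参数是密码的哈希值,不是明文)
openssl passwd a // 生成字符串 a 的密码哈希,供 shadow.set_passwd 使用;注意明文写在命令行上会留在 shell 历史记录中,且不指定算法时默认的哈希较弱(旧版 OpenSSL 为传统 crypt),建议不带明文参数、改为交互输入,并生成 SHA-512($6$)哈希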
salt 'zhuji2' sys.doc shadow.set_passwd // 查看使用功能
sys.list_functions | grep // 指定某一个模块查看其使用方法
sys.list_modules + 模块名 // 查看与指定模块相关的模块
传文件
cd /srv/
mkdir salt
cd salt
vim init.sls
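# /srv/salt/init.sls: copy one file from the master's file_roots to the minion.
# Annotations use "#", the YAML comment marker; a trailing "//" would be
# parsed as part of the value.
/tmp/hosts:                  # destination path on the minion
  file.managed:              # manages a single file; file.recurse handles a directory tree
    - source: salt://hosts   # file served from the master's file_roots
    - user: root             # owner of the file on the minion
    - group: root            # group of the file on the minion
    - mode: 644              # file permissions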
salt 'zhuji2' state.sls init //向zhuji2传输文件
minion中
vim /etc/salt/minion
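# Custom grains in the minion config (indentation restored).
# "names" is the value the later state files compare against, so it must be
# a plain string; the stray trailing colon has been dropped.
grains:
  server:
    - nginx
    - mysql
  aaa: 99
  bbb: 102
  names: xiaodi-1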
salt 'zhuji2' grains.item names
xiaodidi:
----------
names:
xiaodi-2
zhuji234:
----------
names:
xiaodi-3
批量安装软件
vim /etc/salt/master
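# Master setting: directories served to minions as salt:// for the "base"
# environment (indentation restored). Everything under these directories is
# readable by every accepted minion, so keep credentials out of it.
file_roots:
  base:
    - /srv/salt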
vim /srv/salt/aa.sls
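# /srv/salt/aa.sls: install a fixed set of packages (indentation restored).
# pkg.latest upgrades to the newest available version on every run; use
# pkg.installed instead when versions must stay under change control.
xiaodi-2-ruanjian:
  pkg.latest:
    - pkgs:
      - httpd
      - zsh
      - tomcat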
按条件安装软件
vim /srv/salt/pro.sls
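{# Pick one extra package per host based on the custom "names" grain.
   .get() with a default keeps rendering from failing on minions that do
   not define the grain; those minions get only the common packages. #}
{% set name = grains.get('names', '') %}
xiaodi_1_2_3_ruanjian:
  pkg.latest:
    - pkgs:
      - httpd
      - zsh
      - tomcat
{% if name == 'xiaodi-1' %}
      - tftp
{% elif name == 'xiaodi-2' %}
      - tftp-server
{% elif name == 'xiaodi-3' %}
      - bind
{% endif %}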
salt '*' file.search /etc/hosts 'localhost' //查找文件中的内容
pillar
[root@localhost pillar]# ls
test test1 test3 top.sls
[root@localhost pillar]# cat test/init.sls
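# Pillar data file test/init.sls (indentation restored): one key holding a
# list with a single mapping.
xiaodi-1:
  - ip: 172.16.26.233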
cat top.sls
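# Pillar top file (indentation restored): maps each minion ID to the pillar
# SLS it receives. Pillar is compiled on the master and a minion is sent only
# the data targeted at it, which is why secrets belong here rather than in
# grains or state files.
base:
  'zhuji233':
    - test
  'xiaodidi':
    - test1
  'zhuji234':
    - test3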
salt "*" pillar.items
模版
[root@CentOS73-1 /srv/salt]# vim nginx.sls
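# nginx.sls (indentation restored): deliver nginx.conf and render it through
# Jinja first, so {{ ... }} expressions in the source file are replaced with
# per-minion values such as grains.
/tmp/nginx.conf:
  file.managed:
    - source: salt://file/nginx.conf
    - template: jinja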
[root@CentOS73-1 /srv/salt]# vim file/nginx.conf
server {
listen 80;
server_name {{ grains['localhost'] }};
========================state.highstate==========================
# ls *
top.sls
init:
alias.sls audit.sls dns.sls env_init.sls epel.sls files history.sls rpms.sls sudo.sls sysctl.sls test.sls user
# cat top.sls
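# State top file (indentation restored): state.highstate applies
# init/env_init.sls to every minion.
base:
  '*':
    - init.env_init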
# cat init/env_init.sls
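# init/env_init.sls (indentation restored): aggregates the baseline states.
# NOTE(review): init.sysctl, init.epel and init.sudo carried a bare "//" in
# the original notes; its meaning is not shown, and "//" is not a YAML
# comment marker, so it is dropped here. Confirm whether those three were
# meant to be enabled.
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.test
  - init.user
  - init.alias
  - init.sudo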
# cat init/alias.sls
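# init/alias.sls (indentation restored): append colour aliases to
# /etc/bashrc; file.append adds a line only when it is not already present.
bash_alias:
  file.append:
    - name: /etc/bashrc
    - text:
      - alias grep='grep --color'
      - alias ls='ls --color'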
# cat init/audit.sls
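# init/audit.sls (indentation restored): log each interactive command to
# syslog through PROMPT_COMMAND (effective user, "who am i" output, working
# directory, last history entry).
# This is a convenience trail, not a tamper-resistant audit log: a user can
# unset or overwrite PROMPT_COMMAND in their own shell, and non-interactive
# commands are not recorded. Forward syslog off the host and use auditd
# where command accountability is a requirement.
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read a b ; echo $b; });logger "[euid=$(whoami)]":$(who am i):[`pwd` ]"$msg";}'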
# cat init/dns.sls
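# init/dns.sls (indentation restored): manage /etc/resolv.conf.
# The source line is rendered only when the "virtual" grain is "kvm"; on
# other minions no source is given, so only owner, group and mode are
# enforced and the existing contents are left as they are.
dns resolv:
  file.managed:
    - name: /etc/resolv.conf
    - user: root
    - group: root
    - mode: 644
{% if grains['virtual'] == 'kvm' %}
    - source: salt://init/files/resolv.conf
{% endif %}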
# cat init/history.sls
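# init/history.sls (indentation restored): timestamp shell history entries.
# The backticks run when /etc/profile is sourced, so the name recorded is the
# user at login time.
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT=" %F %T `whoami` ->"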
# cat init/rpms.sls
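# init/rpms.sls: baseline tools installed on every host.
# A state takes a single "name"; repeating "- name:" leaves only one of the
# entries in effect, so the packages are listed under "pkgs" instead.
common-packages:
  pkg.installed:
    - pkgs:
      - tree
      - tcpdump
      - iotop
      - sysstat
      - wget
      - curl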
# cat init/sudo.sls
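# init/sudo.sls (indentation restored): distribute /etc/sudoers.
# check_cmd runs visudo against the new file before it replaces the live
# one, so a syntax error in the source cannot lock every host out of sudo.
# Review changes to salt://init/files/sudoers like any privilege change: it
# defines who can become root on all targeted minions.
sudoers:
  file.managed:
    - name: /etc/sudoers
    - user: root
    - group: root
    - mode: 440
    - source: salt://init/files/sudoers
    - check_cmd: /usr/sbin/visudo -c -f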
# cat init/user/init.sls
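# init/user/init.sls (indentation restored): pull in the account state and
# the state that installs its SSH public key.
include:
  - init.user.xiaoming
  - init.user.xiaoming-key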
# cat init/user/xiaoming.sls
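# init/user/xiaoming.sls (indentation restored): create the group and the
# user with fixed IDs so ownership stays consistent across hosts.
# No password is set here; login is expected to happen with the SSH key
# installed by init/user/xiaoming-key.sls.
bond:
  group.present:
    - name: BondXiaoming
    - gid: 2001
  user.present:
    - name: BondXiaoming
    - fullname: Xiaoming
    - uid: 2001
    - gid: 2001
    - groups:
      - BondXiaoming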
# cat init/user/xiaoming-key.sls
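# init/user/xiaoming-key.sls (indentation restored): add the user's SSH
# public key to authorized_keys once the account state has been applied.
# Only the public half of the key pair belongs in a state file; the key
# below is abbreviated in these notes.
bond_key:
  ssh_auth:
    - require:
      - sls: init.user.xiaoming
    - present
    - user: BondXiaoming
    - enc: ssh-rsa
    - comment: bond key
    - names:
      - ssh-rsa AAAAB3NzaC1yc2EAAA...........nY5lVvlWPeHwQZzrFP5p8TuRBPh8ZuC5CZ Bond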
======================ssh 公钥=============================
ssh
ssh-keygen //生成密钥(公钥与私钥) 在 /root/.ssh/ 下;私钥(id_rsa)只保留在本机,不要分发或放入 /srv/salt,只把 .pub 公钥写入上面的 ssh_auth 状态