SaltStack Introduction, Installation, and Configuration (Part 1)

SaltStack introduction

Official site: https://saltstack.com/

Official repository: http://repo.saltstack.com/  (describes the installation method for each operating system)

CentOS 6 repository

yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm

CentOS 7 repository

yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch.rpm 

http://repo.saltstack.com/yum/redhat/7/x86_64

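Developed in Python; provides a REST API

Three main functions: remote execution, configuration management (states), cloud management

Other tools: Puppet (Ruby), Ansible (Python)

Four run modes: Local, Minion/Master (C/S), Syndic (a proxy, similar to zabbix proxy), Salt SSH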

 

Quick installation

 - Installation

Server (master)

yum install salt-master salt-minion -y

Client (minion)

yum install salt-minion -y

Start the master

systemctl start salt-master

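Configure the minion

vim /etc/salt/minion
master: 192.168.137.11  # address of the master
id:   # unique identifier for each host; defaults to the hostname if not set

Start the minion

systemctl start salt-minion

After startup, a minion_id file is generated under /etc/salt; by default it contains the hostname

If you change the id, you need to delete minion_id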

 

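 - PKI layout after the master and minion start

The first time the minion starts, it generates a pki directory under /etc/salt

It contains the minion's public key minion.pub and private key minion.pem

The first time the master starts, it generates a pki directory under /etc/salt

It contains the master's public key master.pub and private key master.pem

linux-node1.example.com and linux-node2.example.com are the minions' public keys; each file is named after the minion id

minions_pre is the pre-authentication directory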

 

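 - Authentication

salt-key 

Accepted Keys: keys that have been accepted

Denied Keys: keys that have been denied

Unaccepted Keys: keys that have not been authenticated yet

salt-key -a linux-node1.example.com

Marks the minion linux-node1.example.com as trusted

salt-key -a linux*  # wildcard

Notes: -a: accept, -A: accept-all, -d: delete, -D: delete-all

Both minions are now authenticated. Looking at the master's pki directory again, the minions' public key files have been moved into the minions directory

Looking at the minion's pki directory again, it now contains the public key file minion_master.pub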
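Accepting a key makes the master trust whichever host presented it, and a wildcard such as linux* accepts every pending id that matches. The following is an added example, not code from the original post: it compares pending keys with an inventory before anything is accepted. The fingerprints are constructed placeholders (on a real system they come from `salt-key -f <id>` on the master and `salt-call --local key.finger` on the minion), the id linux-test.example.com is hypothetical, and modelling the glob with Python's fnmatch is an assumption.

```python
from fnmatch import fnmatchcase

# Constructed sample data: fingerprints are short placeholders, not real key hashes.
INVENTORY = {   # fingerprint read on each minion itself, recorded out of band
    "linux-node1.example.com": "aa:bb:cc:01",
    "linux-node2.example.com": "aa:bb:cc:02",
}
PENDING = {     # what the master shows under "Unaccepted Keys"
    "linux-node1.example.com": "aa:bb:cc:01",
    "linux-node2.example.com": "ff:ff:ff:02",   # differs from the inventory
    "linux-test.example.com": "aa:bb:cc:03",    # hypothetical id, not in the inventory
}


def review_pending(pending, inventory, pattern="*"):
    """Split the pending keys matched by `pattern` into (accept, hold).

    pending   -- {minion id: fingerprint as shown on the master}
    inventory -- {minion id: fingerprint recorded from the minion}
    pattern   -- the glob an operator intended to pass to `salt-key -a`
    """
    accept, hold = [], []
    for minion_id in sorted(pending):
        if not fnmatchcase(minion_id, pattern):
            continue  # the glob would not touch this key
        expected = inventory.get(minion_id)
        if expected is None:
            hold.append((minion_id, "id not in inventory"))
        elif expected.lower() != pending[minion_id].lower():
            hold.append((minion_id, "fingerprint mismatch"))
        else:
            accept.append(minion_id)
    return accept, hold


if __name__ == "__main__":
    ok, held = review_pending(PENDING, INVENTORY, "linux*")
    for minion_id in ok:
        print("accept with: salt-key -a", minion_id)
    for minion_id, reason in held:
        print("hold:", minion_id, "->", reason)
```

Only ids in the accept list are passed to salt-key -a one at a time; held ids stay in minions_pre until someone has checked the host.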

 

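 - Remote execution

Syntax: command target module.function function-arguments

Check the status of all hosts

salt '*' test.ping

Check the status of a specific host

salt "linux-node2.example.com" test.ping

Run a shell command remotely on a specific host

salt "linux-node2.example.com" cmd.run "ls -lrt /root"

Restart the zabbix agent on all hosts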

salt "*" cmd.run "systemctl restart zabbix-agent"

 

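- State module

A state is written as a description file. Format: YAML; file extension: .sls

YAML introduction (important)

YAML is a recursive acronym for "YAML Ain't a Markup Language". (See the Baidu Baike entry for an introduction.)

Format: data structures are presented in an outline-like indented form. Structure is expressed through indentation, consecutive items are marked with a hyphen "-", and key/value pairs in a map are separated by a colon ":".

An example follows:

Salt's guide to understanding YAML: https://docs.saltstack.com/en/latest/topics/yaml/index.html

The three Salt YAML rules:

1) Indentation: use 2 spaces; the Tab key must not be used;

2) Colons: a colon is used together with indentation, or in a key/value pair (with a space in between)

3) Hyphens: there is a space between the hyphen and the value that follows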
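The three rules above can be checked mechanically before a state file is pushed to minions. The following is an added example, not code from the original post or from Salt: a small standard-library linter for the three rules, run on a constructed .sls snippet. It is a line-based check, not a YAML parser, and it assumes values do not contain " #".

```python
import re

# Constructed sample: one violation on each of lines 3 to 6.
SAMPLE = (
    "apache-service:\n"
    "  service.running:\n"
    "    - name:httpd\n"
    "\t- enable: True\n"
    "   - reload: True\n"
    "    -watch:\n"
    "      - pkg: apache-install\n"
)


def lint_sls(text):
    """Return a list of (line_number, message) for the three Salt YAML rules."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments (naive)
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = line[: len(line) - len(line.lstrip(" \t"))]
        body = line[len(indent):]
        # Rule 1: indentation is spaces only, in steps of two.
        if "\t" in indent:
            findings.append((no, "tab in indentation"))
        elif len(indent) % 2:
            findings.append((no, "indentation is not a multiple of 2 spaces"))
        # Rule 3: a list hyphen is followed by a space.
        if re.match(r"-\S", body) and not body.startswith("---"):
            findings.append((no, "no space after '-'"))
        # Rule 2: a key's colon ends the line or is followed by a space.
        item = re.sub(r"^-\s+", "", body)
        if re.match(r"[\w.\-]+:(?!//)\S", item):
            findings.append((no, "no space after ':'"))
    return findings


if __name__ == "__main__":
    for no, message in lint_sls(SAMPLE):
        print("line %d: %s" % (no, message))
```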

 

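- master configuration

vim /etc/salt/master
file_roots  # defines the config file paths for the base, test, canary (gray-release), and production environments; the name base cannot be changed

Restart the master

systemctl restart salt-master

Create the config file directory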

cd /srv
mkdir salt

 

 - Creating the sls file

apache.sls, placed in the /srv/salt/web directory

apache-install:   # custom ID (name)
  pkg.installed:  # state module shipped with Salt, in module.function form
    - names:      # argument
      - httpd
      - httpd-devel

apache-service:      # custom ID (name)
  service.running:   # state module shipped with Salt, in module.function form
    - name: httpd     # argument
    - enable: True

Apply this file

salt "*" state.sls web.apache

Execution flow:

1) The master sends this file to the minion

2) The minion stores it under /var/cache/salt/minion

3) The minion executes the file from top to bottom

Execution result

linux-node2.example.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 13:12:23.142622
    Duration: 103093.75 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-3.el7
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 13:14:06.266419
    Duration: 75699.845 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-20.el7_2
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-8.el7
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              libdb-devel:
                  ----------
                  new:
                      5.3.21-19.el7
                  old:
              openldap-devel:
                  ----------
                  new:
                      2.4.40-9.el7_2
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 13:15:22.549732
    Duration: 509.773 ms
     Changes:
              ----------
              httpd:
                  True

Summary for linux-node2.example.com
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time: 179.303 s
linux-node1.example.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed
     Started: 21:12:17.773014
    Duration: 1030.017 ms
     Changes:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 21:12:18.803216
    Duration: 179505.346 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-20.el7_2
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-8.el7
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              libdb-devel:
                  ----------
                  new:
                      5.3.21-19.el7
                  old:
              openldap-devel:
                  ----------
                  new:
                      2.4.40-9.el7_2
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 21:15:18.523234
    Duration: 62.391 ms
     Changes:

Summary for linux-node1.example.com
------------
Succeeded: 3 (changed=1)
Failed:    0
------------
Total states run:     3
Total run time: 180.598 s

 

- top file

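The default file name is top.sls. It is placed in the base directory, which is set by the file_roots option

The top.sls file makes it possible to apply different sls files to different minions

base:  # fixed name, required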
  'linux-node1.example.com':  # minion id
    - web.apache  # apache.sls
  'linux-node2.example.com':
    - web.apache

salt "*" state.highstate

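The command above runs the state highstate. It only executes the entry file top.sls and applies whatever the top file specifies

Using * is not recommended in production; target specific hosts and run with test first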

salt "linux-node1.example.com" state.highstate test=True

Once the test run looks correct, run

salt "linux-node1.example.com" state.highstate

 

posted @ 2016-10-19 18:48  shhnwangjian