saltstack之远程执行

a.目标   b.执行模块  c.返回

目标  执行模块  返回
 
 格式:      命令   目标    执行模块    执行模块参数
 样例:      salt    '*'      cmd.run     'free -m'

 

1. saltstack远程执行——>目标

执行目标doc:https://docs.saltstack.com/en/latest/topics/targeting/index.html#advanced-targeting-methods

1.1)和Minion ID相关的目标匹配方式

MinionID匹配
[root@slave1 ~]# salt 'slave1' service.status httpd
slave1:
    False

通配符* ? [1-2]等匹配
[root@slave1 ~]# salt '*' service.status sshd
slave1:
    True
slave2:
    True
[root@slave1 ~]# salt 'slave?' service.status sshd
slave1:
    True
slave2:
    True
[root@slave1 ~]# salt 'slave[1-2]' service.status sshd
slave2:
    True
slave1:
    True

列表匹配
[root@slave1 ~]# salt -L 'slave1,slave2' test.ping
slave1:
True
slave2:
True

正则匹配
[root@slave1 ~]# salt -E 'slave(1|2)' test.ping
slave2:
True
slave1:
True

1.2) 和Minion ID无关的匹配

列表匹配:
[root@slave1 ~]# salt -L 'slave1,slave2' test.ping
slave1:
    True
slave2:
    True    

Grains匹配
[root@slave1 ~]# salt -G 'os:CentOS' test.ping
slave2:
    True
slave1:
    True

子网 ip地址匹配
[root@slave1 ~]# salt -S '10.0.0.0/24' test.ping
slave1:
    True
slave2:
    True

Pillar匹配
#key:value,在Pillar系统中提前定义
[root@slave1 ~]# salt -I 'apache:httpd' test.ping
slave1:
    True
slave2:
    True

 

1.3)Node Groups匹配

#在master配置文件进行定义node-groups
[root@slave1 ~]# vim /etc/salt/master 
nodegroups:
  slave-group: 'L@slave1,slave2'   #注意要空两格
[root@slave1 ~]# salt -N slave-group test.ping
slave2:
    True
slave1:
    True

1.4)批处理执行–Batch size

    
#-b 1 表示每批只在1台minion上执行,完成后再执行下一台;-b/--batch-size 也可以写成百分比,按比例分批执行
 [root@slave1 ~]#  salt '*' -b 1 test.ping

Executing run on ['slave2']

retcode:
    0
slave2:
    True

Executing run on ['slave1']

retcode:
    0
slave1:
    True


#按比例匹配执行,好比在重启服务器时,为了不影响业务,可以先重启一部分,再重启后面一部分    
[root@slave1 ~]#  salt -G 'os:CentOS' --batch-size 50% test.ping

Executing run on ['slave2']

retcode:
    0
slave2:
    True

Executing run on ['slave1']

retcode:
    0
slave1:
    True
        

1.5)混合匹配,使用不多。

 

2.saltstack远程执行——>执行模块

执行模块doc: https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules

#测试主机能否连接外网:
[root@slave1 ~]# salt '*' network.connect www.baidu.com 80
slave1:
    ----------
    comment:
        Successfully connected to www.baidu.com (111.13.100.91) on tcp port 80
    result:
        True
slave2:
    ----------
    comment:
        Successfully connected to www.baidu.com (111.13.100.92) on tcp port 80
    result:
        True

#域名解析:
[root@slave1 ~]# salt '*' network.dig baidu.com
slave1:
    
    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3009
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4096
    ;; QUESTION SECTION:
    ;baidu.com.            IN    A
    
    ;; ANSWER SECTION:
    baidu.com.        5    IN    A    123.125.115.110
    baidu.com.        5    IN    A    220.181.57.216
    
    ;; Query time: 22 msec
    ;; SERVER: 10.0.0.2#53(10.0.0.2)
    ;; WHEN: Sat Nov 17 17:37:52 CST 2018
    ;; MSG SIZE  rcvd: 70
slave2:
    
    ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5375
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4096
    ;; QUESTION SECTION:
    ;baidu.com.            IN    A
    
    ;; ANSWER SECTION:
    baidu.com.        5    IN    A    220.181.57.216
    baidu.com.        5    IN    A    123.125.115.110
    
    ;; Query time: 23 msec
    ;; SERVER: 10.0.0.2#53(10.0.0.2)
    ;; WHEN: Sat Nov 17 17:37:52 CST 2018
    ;; MSG SIZE  rcvd: 70
        
        
        
        
#    复制文件:salt-cp :
[root@slave1 ~]# salt '*' cmd.run 'mkdir /tmp/syk'
slave2:
slave1:
[root@slave1 ~]# salt-cp '*' /etc/hosts /tmp/syk/
{'slave1': {'/tmp/syk/hosts': True}, 'slave2': {'/tmp/syk/hosts': True}}
[root@slave1 ~]# 
[root@slave1 ~]# 
[root@slave1 ~]# salt '*' cmd.run 'ls /tmp/syk'
slave2:
    hosts
slave1:
    hosts
    

 

3.saltstack远程执行——>返回模块

返回模块doc: https://docs.saltstack.com/en/latest/ref/returners/index.html

Return组件可以理解为SaltStack对Minion执行后返回的数据进行存储,或者转交给其他程序。它支持多种存储方式,

如MySQL、Redis、ELK、zabbix。通过Return我们可以记录SaltStack的每次操作,为以后的日志审计提供数据来源。记录中包含命令参数(fun_args)和完整输出(return),可能带有敏感信息,因此存储这些数据的库本身也要限制访问。
Return的流程是:在Master端触发任务,Minion接收并处理任务后,直接与Return存储服务器建立连接,把数据写入该服务器。也就是说,每台Minion都要能访问存储服务器,并且都保存着它的连接账号。

 

这里我们以mysql执行结果返回举例:

minion直接将命令执行结果写入到MySQL

依赖包:MySQL-python

1) SALT.RETURNERS.MYSQL(minion返回MySQL)

1. 所有minion需要安装MySQL-python

[root@slave1 ~]# salt '*' pkg.install MySQL-python   #使用pkg模块安装MySQL-python
slave1:
    ----------
    MySQL-python:
        ----------
        new:
            1.2.5-1.el7
        old:
slave2:
    ----------
    MySQL-python:
        ----------
        new:
            1.2.5-1.el7
        old:

2. 安装mariadb数据库    
[root@slave1 ~]# yum install -y mariadb-server

3. 创建salt库,创建jids、salt_returns、salt_events表,授权
#注意:下面的授权语句使用了 '%'(允许任意主机连接)以及与用户名相同的口令 'salt',只适合实验环境;生产环境应把来源限定为实际需要连接的主机或网段,使用强口令,并只授予实际需要的权限
[root@slave1 ~]# systemctl start mariadb.service 
[root@slave1 ~]# mysql

MariaDB [(none)]> CREATE DATABASE  `salt`
    ->   DEFAULT CHARACTER SET utf8
    ->   DEFAULT COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> USE `salt`;

MariaDB [salt]> CREATE TABLE `jids` (
    ->   `jid` varchar(255) NOT NULL,
    ->   `load` mediumtext NOT NULL,
    ->   UNIQUE KEY `jid` (`jid`)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.01 sec)

MariaDB [salt]> CREATE TABLE `salt_returns` (
    ->   `fun` varchar(50) NOT NULL,
    ->   `jid` varchar(255) NOT NULL,
    ->   `return` mediumtext NOT NULL,
    ->   `id` varchar(255) NOT NULL,
    ->   `success` varchar(10) NOT NULL,
    ->   `full_ret` mediumtext NOT NULL,
    ->   `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    ->   KEY `id` (`id`),
    ->   KEY `jid` (`jid`),
    ->   KEY `fun` (`fun`)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.01 sec)

MariaDB [salt]> CREATE TABLE `salt_events` (
    -> `id` BIGINT NOT NULL AUTO_INCREMENT,
    -> `tag` varchar(255) NOT NULL,
    -> `data` mediumtext NOT NULL,
    -> `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    -> `master_id` varchar(255) NOT NULL,
    -> PRIMARY KEY (`id`),
    -> KEY `tag` (`tag`)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.00 sec)

MariaDB [salt]> show tables;
+----------------+
| Tables_in_salt |
+----------------+
| jids           |
| salt_events    |
| salt_returns   |
+----------------+
3 rows in set (0.00 sec)

MariaDB [salt]> grant all on salt.* to salt@'%' identified by 'salt';
Query OK, 0 rows affected (0.00 sec)

4. 修改salt-minion,配置MySQL连接(mysql.pass 以明文保存在 /etc/salt/minion 中,应确保该文件只有root可读)
[root@slave2 ~]# vim /etc/salt/minion

######      Returner  settings        ######
############################################
# Which returner(s) will be used for minion's result:
#return: mysql
mysql.host: '10.0.0.211'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
[root@slave2 ~]# systemctl restart salt-minion.service 

#删除主机名为slave1的root用户和匿名用户,否则对后面的测试有影响(''@'localhost' 匿名用户仍然保留,生产环境建议一并清理,例如运行 mysql_secure_installation)
MariaDB [(none)]> select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| salt | %         |
| root | 127.0.0.1 |
| root | ::1       |
|      | localhost |
| root | localhost |
|      | slave1    |
| root | slave1    |
+------+-----------+
MariaDB [(none)]> drop user "root"@"slave1";
MariaDB [(none)]> drop user ""@"slave1";
MariaDB [(none)]> flush privileges;

[root@slave1 salt]# vim /etc/salt/minion
######      Returner  settings        ######
############################################
# Which returner(s) will be used for minion's result:
#return: mysql
mysql.host: '10.0.0.211'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
[root@slave1 salt]# systemctl restart salt-minion.service 
#测试
[root@slave1 salt]#  salt '*' test.ping --return mysql
slave1:
    True
slave2:
    True

MariaDB [salt]>  select * from salt_returns\G;
*************************** 1. row ***************************
       fun: test.ping
       jid: 20181118004551491520
    return: true
        id: slave1
   success: 1
  full_ret: {"fun_args": [], "jid": "20181118004551491520", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "slave1"}
alter_time: 2018-11-18 00:45:51
*************************** 2. row ***************************
       fun: test.ping
       jid: 20181118004551491520
    return: true
        id: slave2
   success: 1
  full_ret: {"fun_args": [], "jid": "20181118004551491520", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "slave2"}
alter_time: 2018-11-18 00:45:51
2 rows in set (0.00 sec)

2)使用salt的job_cache机制将命令写入mysql(常用方法)

启用后,执行的所有命令结果都会由master写入mysql,不需要再加 --return 参数,相当于把job cache放在mysql里。
这种方式下minion不再需要连接mysql,只修改master配置即可;数据库账号只保存在master上,mysql也只需要对master开放。

[root@slave1 salt]# vim /etc/salt/master 
#####      Returner settings          ######
############################################
# Which returner(s) will be used for minion's result:
#return: mysql
master_job_cache: mysql
mysql.host: '10.0.0.211'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
[root@slave1 salt]# systemctl restart salt-master.service 

#测试
[root@slave1 salt]# salt '*' cmd.run 'date'
slave2:
    Sun Nov 18 00:55:45 CST 2018
slave1:
    Sun Nov 18 00:55:44 CST 2018
[root@slave1 salt]#  mysql -e "select * from salt.salt_returns\G;"
*************************** 1. row ***************************
       fun: cmd.run
       jid: 20181118005544806629
    return: "Sun Nov 18 00:55:45 CST 2018"
        id: slave2
   success: 1
  full_ret: {"fun_args": ["date"], "jid": "20181118005544806629", "return": "Sun Nov 18 00:55:45 CST 2018", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2018-11-17T16:55:44.847235", "fun": "cmd.run", "id": "slave2"}
alter_time: 2018-11-18 00:55:44
*************************** 2. row ***************************
       fun: cmd.run
       jid: 20181118005544806629
    return: "Sun Nov 18 00:55:44 CST 2018"
        id: slave1
   success: 1
  full_ret: {"fun_args": ["date"], "jid": "20181118005544806629", "return": "Sun Nov 18 00:55:44 CST 2018", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2018-11-17T16:55:44.895262", "fun": "cmd.run", "id": "slave1"}
alter_time: 2018-11-18 00:55:44

#加上-v参数可以看到jid,并且通过jid可以查看运行的结果
[root@slave1 salt]# salt '*' cmd.run 'uptime' -v
Executing job with jid 20181118005727674446
-------------------------------------------

slave2:
     00:57:28 up  7:33,  1 user,  load average: 0.00, 0.01, 0.05
slave1:
     00:57:27 up  1:08,  2 users,  load average: 0.09, 0.23, 0.20
[root@slave1 salt]# salt-run jobs.lookup_jid 20181118005727674446
slave1:
     00:57:27 up  1:08,  2 users,  load average: 0.09, 0.23, 0.20
slave2:
     00:57:28 up  7:33,  1 user,  load average: 0.00, 0.01, 0.05

 
