SaltStack Tool
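Official documentation: https://docs.saltproject.io/en/latest/contents.html
SaltStack is a client/server configuration management tool developed in Python. Authentication is managed by issuing SSL certificates.
It can perform configuration management operations on hosts such as centralized management, file distribution, data collection and package management. It helps operations staff work more efficiently and standardize business configuration and operations, and is a common tool for operations automation.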
SaltStack components
- Master is the server; it dispatches operations to the Minions.
- Minion is the client; it receives commands from the Master and executes them.
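Service ports
- 4505: authentication and communication port between Master and Minion. (After the client starts, it actively registers with the Master.)
- 4506: port for command exchange between Master and Minion.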
Configuration and deployment
One salt-master and multiple salt-minions.
CentOS 8
```
sudo rpm --import https://repo.saltproject.io/salt/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo

sudo yum install salt-master
sudo yum install salt-minion
sudo yum install salt-ssh
sudo yum install salt-syndic
sudo yum install salt-cloud
sudo yum install salt-api

############ salt-master
sudo systemctl enable salt-master && sudo systemctl start salt-master
sudo systemctl enable salt-syndic && sudo systemctl start salt-syndic
sudo systemctl enable salt-api && sudo systemctl start salt-api

# netstat -anlpt | grep 450
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 169619/python3.6
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 169625/python3.6

############ salt-minion
# vi /etc/salt/minion
master: 192.168.1.200

sudo systemctl enable salt-minion && sudo systemctl start salt-minion
```
CentOS 7
https://docs.saltproject.io/salt/install-guide/en/latest/topics/accept-keys.html
```
sudo rpm --import https://repo.saltproject.io/salt/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo

# classic packages of Salt on CentOS 7
# sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
# curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo

sudo yum install salt-master
sudo yum install salt-minion
sudo yum install salt-ssh
sudo yum install salt-syndic
sudo yum install salt-cloud
sudo yum install salt-api

sudo systemctl enable salt-master && sudo systemctl start salt-master
sudo systemctl enable salt-minion && sudo systemctl start salt-minion
sudo systemctl enable salt-syndic && sudo systemctl start salt-syndic
sudo systemctl enable salt-api && sudo systemctl start salt-api
```
salt-api configuration
```
useradd saltapi
passwd saltapi   ## set the password to 123456
yum -y install salt-api

vi /etc/salt/master.d/api.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
rest_cherrypy:
  port: 8000
  disable_ssl: true
  host: 0.0.0.0

systemctl restart salt-master
systemctl restart salt-api

########## API(success)
# curl -k http://127.0.0.1:8000/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123456' -d eauth='pam'
return:
- eauth: pam
  expire: 1619230016.3118818
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1619186816.3118815
  token: 01049ff981bc7dae25fdd27875e09afd6cd34989
  user: saltapi
```
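One way to check an api.conf like the one above for its riskiest settings, as an added example that is not part of the original page or of the Salt project. The function name `audit_salt_api`, the second sample configuration and its certificate paths are assumptions; the input is the configuration already parsed into a dict.

```python
# Added example (not from the original page): audit a parsed salt-api config.
# Input is the dict that yaml.safe_load() would return for master.d/api.conf.
BROAD_PERMS = {
    ".*": "may run every execution module on every minion (including cmd.run)",
    "@wheel": "may call all wheel modules (key and master config management)",
    "@runner": "may call all runner modules on the master",
}

def audit_salt_api(conf):
    """Return a list of (setting, finding) tuples for risky settings."""
    findings = []
    cherry = conf.get("rest_cherrypy") or {}
    if cherry.get("disable_ssl", False):
        findings.append(("rest_cherrypy.disable_ssl",
                         "TLS is off: passwords and tokens travel in cleartext"))
    elif not (cherry.get("ssl_crt") and cherry.get("ssl_key")):
        findings.append(("rest_cherrypy.ssl_crt/ssl_key",
                         "TLS is on but no certificate and key are configured"))
    # Assumption: an unset host is treated as bind-all, like an explicit 0.0.0.0.
    if cherry.get("host", "0.0.0.0") == "0.0.0.0":
        findings.append(("rest_cherrypy.host", "API listens on all interfaces"))
    for backend, users in (conf.get("external_auth") or {}).items():
        for user, perms in users.items():
            for perm in perms:
                # Dict entries (per-target rules) are skipped; only bare strings match.
                if isinstance(perm, str) and perm in BROAD_PERMS:
                    findings.append((f"external_auth.{backend}.{user}",
                                     f"{perm!r} {BROAD_PERMS[perm]}"))
    return findings

# Constructed sample: the api.conf from this page, as a parsed dict.
PAGE_CONF = {
    "external_auth": {"pam": {"saltapi": [".*", "@wheel", "@runner"]}},
    "rest_cherrypy": {"port": 8000, "disable_ssl": True, "host": "0.0.0.0"},
}

# Constructed sample: a narrower variant (function list and paths are assumptions).
TIGHTER_CONF = {
    "external_auth": {"pam": {"saltapi": ["test.version", "grains.items"]}},
    "rest_cherrypy": {"port": 8000, "host": "127.0.0.1",
                      "ssl_crt": "/etc/pki/tls/certs/salt-api.crt",
                      "ssl_key": "/etc/pki/tls/private/salt-api.key"},
}

if __name__ == "__main__":
    for setting, finding in audit_salt_api(PAGE_CONF):
        print(f"{setting}: {finding}")
```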
Authenticating salt-minions on the salt-master
https://docs.saltproject.io/salt/install-guide/en/latest/topics/accept-keys.html
Flag | Description |
---|---|
-a <minion ID> | Accepts a specific minion’s key. The -a flag needs to be followed by an argument that includes the ID of the minion key that you want to accept. |
-A | Accepts all keys. |
-d <minion_id> | Deletes a specific minion’s key. The -d flag needs to be followed by an argument that includes the ID of the minion key that you want to delete. |
-L | Lists all minion IDs. |
```
# delete a single key
salt-key -d web1
# delete all keys
salt-key -D
# delete keys matching a pattern
salt-key -d 'web*'
# list the salt-minion keys
salt-key -L
# accept (authenticate) a salt-minion
salt-key -a salt.master.com
```
Operation commands
```
# check cluster connectivity and versions
salt '*' test.version
## using modules
salt '*' sys.doc cmd.run
## distribute files
salt-cp 'node01.zy.com' /etc/hosts /tmp/hosts
salt-cp -L "node01.zy.com,node02.zy.com" /etc/hosts /tmp/hosts
## run commands
salt '*' cmd.run "ls -l | awk '/foo/{print \\$2}'"
```