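[CentOS 7] ------ A First Look at SaltStack

      I have recently been learning SaltStack. It is my first contact with it, and I have found it very powerful. How powerful? Hard to say; I have only touched the tip of the iceberg, but that is already plenty for me to handle.

Next I will explore the world of SaltStack; how many new continents I discover depends on my own ability!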

 

  • SaltStack introduction:

 

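  Salt is a new approach to infrastructure management. It is easy to deploy and can be up and running within minutes, it scales well and easily manages tens of thousands of servers, and it is fast, with communication between servers in seconds.

At its core Salt uses a dynamic communication bus, which makes it usable for orchestration, remote execution, configuration management and more.

  A configuration management system, capable of maintaining remote nodes in predefined states (for example, ensuring that specified packages are installed and specified services are running).

  A distributed remote execution system, used to execute commands and query data on remote nodes (either individual nodes or nodes selected by arbitrary criteria).

It was developed to provide the best solution for remote execution, and to make remote execution better, faster and simpler.

OK, the above is the introduction provided by the SaltStack China user group.

SaltStack ------ my understanding is this: SaltStack is a task system that can solve many specific problems in a base environment; it can communicate with remote systems quickly and securely and perform remote execution and deployment.

SaltStack currently has two messaging systems, RAET and ZeroMQ; ZeroMQ is the default.

Salt was born with command orchestration capability. Remote execution was the original idea; configuration management was added later. Salt uses the lightweight ZeroMQ to handle messages.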

 

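  • SaltStack installation:

  Environment: 2 x CentOS 7 64-bit

  IP: 192.168.50.130 192.168.50.131

  SaltStack does not yet have its own YUM repository, so installation requires EPEL.

Reference: https://repo.saltstack.com/#rhel
Chinese reference: http://docs.saltstack.cn/
Now install SaltStack: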
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch.rpm

yum clean expire-cache

yum install salt-master  (master 50.130)

yum install salt-minion  (minion 50.131)

The Salt Master needs to bind 2 TCP ports on the system: 4505 and 4506.
restart salt-minion

Configuration file locations after installation:

/etc/salt/master

/etc/salt/minion

# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: 192.168.56.130    # ------> IP address of the Master host

Then you can start salt:

systemctl restart salt-minion

systemctl restart salt-master

 

-----------------------------------------------------------------------------

  • Starting the SaltStack journey

[root@linux-node1 salt]# cd /etc/salt/pki/minion/

[root@linux-node1 minion]# ls
minion.pem minion.pub -----> keys generated by the minion; pub --> given to the master

[root@linux-node1 master]# pwd
/etc/salt/pki/master
[root@linux-node1 master]# tree
.
├── master.pem ------> key generated by the Master
├── master.pub
├── minions
├── minions_autosign
├── minions_denied
├── minions_pre
│ ├── linux-node1.example.com
│ └── linux-node2.example.com
└── minions_rejected
The Master must approve a minion before it can join. At this point the Master has not yet approved them, so the 2 Linux hosts are listed under minions_pre.

  • First command:

salt-key

salt-key [ options ]

-a ACCEPT, --accept=ACCEPT

Accept the specified public key (use --include-all to match rejected keys in addition to pending keys). Globs are supported.

-A, --accept-all

Accepts all pending keys.

[root@linux-node1 master]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:            # The 2 keys below are not trusted yet. What is this key? Right, it is the pub file above, named after the hostname by default
linux-node1.example.com
linux-node2.example.com
Rejected Keys:

 

[root@linux-node1 master]# salt-key -a linux-node1.example.com
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
Proceed? [n/Y] y
Key for minion linux-node1.example.com accepted.
[root@linux-node1 master]# salt-key
Accepted Keys:
linux-node1.example.com
Denied Keys:
Unaccepted Keys:
linux-node2.example.com
Rejected Keys:

OK, no more accepting them one at a time; just use -A

[root@linux-node1 master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node2.example.com
Proceed? [n/Y] y
Key for minion linux-node2.example.com accepted.
[root@linux-node1 master]# salt-key
Accepted Keys:
linux-node1.example.com
linux-node2.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:

[root@linux-node1 master]# salt-key -a linux-node*     -----> wildcards are supported


[root@linux-node1 master]# tree
.
├── master.pem
├── master.pub
├── minions
│ ├── linux-node1.example.com --->> minion public keys, named after the hostname by default
│ └── linux-node2.example.com
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
5 directories, 4 files
[root@linux-node1 master]# cd minions
[root@linux-node1 minions]# ls
linux-node1.example.com linux-node2.example.com
[root@linux-node1 minions]# cat linux-node1.example.com                                           
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3QdazYXU8Wf3KWlczTK
HPzOEhIEIjtoa381xEflvFgMMcQCjbu8wPaFf5QeoyjwEz7jT94mVZ1kXkRdhExQ
jSzSvUR03zUvLWNoD6AeOKzt1cRn10dbmxajx+RhtBlBZWz2y1HnSjrjxaVKxtBc
n+66NHMMNt86Jn1JwEy9ULpt8pIpx1T0uNbEkxOJCNx7iGIraT4WDzlsum8qnoLz
klG4oXccUFTtJFs4bkKqJ/96g3dZ4LnFn6EMAXhDq7TQSgdUYtIRT7h3QUWZoCon
VS8idoTvkm7Q4H5qEnjWUymQsv0FtflTv6vCRPKotcyWOzFe2/y5EHR4BaGyG0DH
twIDAQAB
-----END PUBLIC KEY-----
[root@linux-node1 minions]# ls /etc/salt/pki/minion/
minion_master.pub minion.pem minion.pub <<<<<<----------- the Master has placed its own pub key on the minion

Now the Master can manage the two minions below.
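A key waiting in minions_pre is whatever the connecting host sent, so `salt-key -A` or a wildcard accepts it without any check of whose key it is. The script below is an added example, not part of the original post: it lists only the pending minions whose key matches a digest recorded on the minion beforehand. The allowlist file, the digest convention and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: gate `salt-key -a` on an out-of-band key digest check.
# Digest = SHA-256 of the PEM text with all whitespace removed (a convention
# of this example, not Salt's own fingerprint format).

key_digest() {   # key_digest <pem-file>
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# verified_pending <pki-master-dir> <allowlist>
# Allowlist lines: "<minion-id> <digest>", recorded on each minion itself with
#   tr -d '[:space:]' < /etc/salt/pki/minion/minion.pub | sha256sum
# Prints IDs whose pending key matches; everything else goes to stderr.
verified_pending() {
    local pki="$1" allow="$2" f id want got
    for f in "$pki"/minions_pre/*; do
        [ -f "$f" ] || continue
        id=${f##*/}
        want=$(awk -v id="$id" '$1 == id { print $2; exit }' "$allow")
        got=$(key_digest "$f")
        if [ -z "$want" ]; then
            echo "SKIP $id: not in allowlist" >&2
        elif [ "$want" = "$got" ]; then
            echo "$id"
        else
            echo "MISMATCH $id: pending key differs from recorded key" >&2
        fi
    done
}

# Constructed demo: throwaway PKI tree with placeholder "keys", no Salt needed.
demo() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/minions_pre"
    printf 'KEY-A\n' > "$d/minions_pre/linux-node1.example.com"
    printf 'KEY-B\n' > "$d/minions_pre/linux-node2.example.com"
    printf 'KEY-X\n' > "$d/minions_pre/unknown-host"
    {
        echo "linux-node1.example.com $(printf 'KEY-A' | sha256sum | cut -d' ' -f1)"
        echo "linux-node2.example.com $(printf 'KEY-Z' | sha256sum | cut -d' ' -f1)"
    } > "$d/allow.txt"
    verified_pending "$d" "$d/allow.txt" 2>/dev/null
    rm -rf "$d"
}
demo   # prints only linux-node1.example.com

# On a real master, accept only what verified (-y skips the prompt):
#   for id in $(verified_pending /etc/salt/pki/master allow.txt); do salt-key -y -a "$id"; done
```

For a manual comparison, Salt itself prints fingerprints with `salt-key -f <id>` on the master and `salt-call --local key.finger` on the minion.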

Note: in the commands below, mind the space between the module and the command.

  •  First remote execution command

[root@linux-node1 minion]# salt '*' test.ping <<< salt is the command; this ping is not the usual ping, it checks whether the nodes below can reply to me;
test is a module, ping is a method inside that module
linux-node2.example.com:
True
linux-node1.example.com:
True
[root@linux-node1 minion]# salt '*' cmd.run 'uptime' <<<< cmd.run is the all-purpose module; it can execute any shell command
linux-node2.example.com:
19:27:10 up 7:53, 3 users, load average: 0.00, 0.01, 0.05
linux-node1.example.com:
20:58:03 up 2:20, 3 users, load average: 0.08, 0.03, 0.05

[root@linux-node1 /etc/salt/pki/master]# salt '*' cmd.run 'free -m ; fdisk -l'
linux-node1.example.com:
total used free shared buff/cache available
Mem: 1824 585 461 5 777 1048
Swap: 2047 58 1989

Disk /dev/sda: 53.7 GB, 53687091200 bytes, 104857600 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000229ae

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 5220351 2097152 82 Linux swap / Solaris
/dev/sda3 5220352 104761343 49770496 83 Linux
linux-node2.example.com:
total used free shared buff/cache available
Mem: 1824 265 930 16 628 1363
Swap: 2047 0 2047

Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000171fa

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 41943039 20458496 8e Linux LVM

Disk /dev/mapper/centos-root: 18.8 GB, 18756927488 bytes, 36634624 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

 

Be sure to remember this command; you will use it often:

[root@linux-node1 ~]# salt 'linux-node1*' grains.ls
linux-node1.example.com:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- systemd
- uid
- username
- uuid
- virtual
- web
- zmqversion

[root@linux-node1 ~]# salt -h
Usage: salt [options] '<target>' <function> [arguments]

 

posted @ 2016-07-20 01:13  JasonQ.Meng