SaltStack tutorial, part 1: installation and writing minion returns to MySQL
SaltStack tutorial:
1. Installation:
The EPEL yum repository is required. If it is not configured, create /etc/yum.repos.d/epel.repo and paste in the following. One fix to the original: its [epel] section had gpgcheck=0, which disables signature verification of every package installed from it (including salt-master and salt-minion); the EPEL key is already referenced by gpgkey, so set gpgcheck=1 there, as the other two sections already do.

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
Master installation:
yum install salt-master
/etc/init.d/salt-master restart
Minion installation:
yum install salt-minion
/etc/init.d/salt-minion restart
2. Edit the minion configuration file:
On the minion:
vim /etc/salt/minion
master: 192.168.10.205   # address of the master
id: node6.a.com          # this minion's id; the master identifies minions by it, so using the hostname keeps them easy to tell apart
3. Edit the master configuration file:
vim /etc/salt/master
state_top: top.sls   # the top file: the entry point that maps minions to the sls modules (states) to apply, i.e. which packages to install or files to deploy on them; it lives at the root of each file_roots environment
file_roots:          # the directory tree the state files live in; everything managed on the minions is defined under these directories
  base:
    - /etc/salt/states
  dev:
    - /etc/salt/states/dev
  prod:
    - /etc/salt/states/prod
/etc/init.d/salt-master restart
4. Create the project directories:
mkdir -p /etc/salt/states/prod
mkdir -p /etc/salt/states/init
5. Basic configuration management:
salt-key                 # list keys (accepted, pending, rejected)
salt-key -a node6.a.com  # accept the minion's key; compare its fingerprint (salt-key -f node6.a.com) with what the minion reports (salt-call --local key.finger) before accepting
[root@node5 ~]# salt "*" test.ping     # True means the minion is up and authenticated
node6.a.com:
    True
salt '*' test.ping                      # test all minions
salt 'minion.saltstack.com' test.ping   # test one minion
salt "*" cmd.run "df -TH"               # run a command remotely
Command format:
salt "target" module.function "arguments"
6. Edit the project configuration files:
cd /etc/salt/states/
Because file_roots base is /etc/salt/states and state_top is top.sls, the top file is /etc/salt/states/top.sls, and the init.pkg reference below resolves to init/pkg.sls under that same root. (The original wrote prod/top.sls, which does not match the file_roots defined in step 3.)
vim top.sls
base:                        # environment name
  "minion.saltstack.com":    # minions this applies to
    - init.pkg               # the file init/pkg.sls; the extension must be .sls
vim init/pkg.sls   # the file name must end in .sls
pkg.init:          # state ID, any name
  pkg.installed:   # pkg is the state module, installed is its function: make sure the packages are installed
    - names:       # packages to install
      - lrzsz
      - mtr
      - nmap
      - httpd
7. Apply the state:
salt "*" state.sls init.pkg   # format: salt "target" module.function sls_name
Result:
[root@node5 init]# salt "*" state.sls init.pkg
node6.a.com:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: mtr
      Result: True
     Comment: Package mtr is already installed.
     Started: 23:58:24.511819
    Duration: 1308.811 ms
     Changes:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: nmap
      Result: True
     Comment: Package nmap is already installed.
     Started: 23:58:25.820865
    Duration: 0.515 ms
     Changes:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: lrzsz
      Result: True
     Comment: Package lrzsz is already installed.
     Started: 23:58:25.821461
    Duration: 0.323 ms
     Changes:
----------
          ID: pkg.init
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 23:58:25.821883
    Duration: 0.324 ms
     Changes:

Summary
------------
Succeeded: 4
Failed:    0
------------
Total states run:     4
8. Distributing a file:
vim top.sls   # the top file at the root of the base file_roots
base:
  "minion.saltstack.com":
    - init.pkg
    - init.limit
vim init/limit.sls
limit-conf-config:
  file.managed:
    - name: /etc/security/limits.conf
    - source: salt://init/files/limits.conf
    - user: root
    - group: root
    - mode: 644
mkdir init/files
cp /etc/security/limits.conf init/files/
salt "*" state.sls init.limit
Check on the minion that /etc/security/limits.conf has been replaced.
9. Master and minion keys:
Master:
[root@node5 master]# pwd
/etc/salt/pki/master
[root@node5 master]# ll
-r-------- 1 root root 1679 Mar  3 01:47 master.pem   # the master's private key
-rw-r--r-- 1 root root  451 Mar  3 01:47 master.pub   # the master's public key, sent to every accepted minion
[root@node5 master]# cat master.pub   # the public key handed to minions
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjBP4H+twndPlHylh/m9
rD/E5CNX0Tl6Bu0/RhxhVJxtmp4fcFhNaKEc/Rf3HF8hYav5FB1wH/HODM9wd1gO
Q7P1eOtE8NlW3l6np9maAFCMwjIT97R5lVIPy4ZqRmNzYVu/k0xmHLehjgIipaW2
KT240QyS5a0VI0T+rZLpX5oCrQ+6T6yHQmZLYZFOSAaHpDqYV7YzcirVAekTW0VM
de2Dfk+eet3nsUIIEMTy4IOYsq4kDQAvi/0xRga1HVZOlg9CEHKGOFNE7OFxD7JH
IHcpw1GOV6ZOoIMmXAr1DcWjtcRiGu6SKHVmZpvUwY2LAIeJIaTK98Cbw8qkwymS
HwIDAQAB
-----END PUBLIC KEY-----
Where the master stores the accepted minions' public keys:
/etc/salt/pki/master/minions
[root@node5 minions]# ls
node6.a.com
[root@node5 minions]# cat node6.a.com
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39/NdTOO3Dh52daFB8iW
LA1WUA8qjnAndywnOnHh4KNhgsI1uvrBasVpSM1uIIUxTfa2IYweuV+896CX+jyT
5shh8u4NqIMglEmZNqxmmKUoPphZW9jDr/KcqXF6w5NHLh0UmA4mFtpyJUkZuEw5
4Gi9CLCari3rF3oZ+nJcfu19bpyT0grE/zUV0RF+lZrYWb/peAt5J/p4O1ueE/SS
31s88Wpiq7lyI1sTFcsI0DkaZW5RM/WICTuhQtGZsqCduJh0XPvB7pMCDkN50uqo
ednXmEypPLULss+QfKGP4KT9Bsk5viFuzkLXSs9meXwnkR7pwTZreivfXsgXE7wQ
6QIDAQAB
-----END PUBLIC KEY-----
The minion's public key, private key, and the file in which it stores the master's public key:
[root@node6 minion]# ls
minion_master.pub   # the master's public key as stored on the minion
[root@node6 minion]# cat minion_master.pub   # must be identical to master.pub on the master
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjBP4H+twndPlHylh/m9
rD/E5CNX0Tl6Bu0/RhxhVJxtmp4fcFhNaKEc/Rf3HF8hYav5FB1wH/HODM9wd1gO
Q7P1eOtE8NlW3l6np9maAFCMwjIT97R5lVIPy4ZqRmNzYVu/k0xmHLehjgIipaW2
KT240QyS5a0VI0T+rZLpX5oCrQ+6T6yHQmZLYZFOSAaHpDqYV7YzcirVAekTW0VM
de2Dfk+eet3nsUIIEMTy4IOYsq4kDQAvi/0xRga1HVZOlg9CEHKGOFNE7OFxD7JH
IHcpw1GOV6ZOoIMmXAr1DcWjtcRiGu6SKHVmZpvUwY2LAIeJIaTK98Cbw8qkwymS
HwIDAQAB
-----END PUBLIC KEY-----
minion.pem   # the minion's private key
minion.pub   # the minion's public key
[root@node6 minion]# cat minion.pub   # the minion's public key, sent to the master when it authenticates
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39/NdTOO3Dh52daFB8iW
LA1WUA8qjnAndywnOnHh4KNhgsI1uvrBasVpSM1uIIUxTfa2IYweuV+896CX+jyT
5shh8u4NqIMglEmZNqxmmKUoPphZW9jDr/KcqXF6w5NHLh0UmA4mFtpyJUkZuEw5
4Gi9CLCari3rF3oZ+nJcfu19bpyT0grE/zUV0RF+lZrYWb/peAt5J/p4O1ueE/SS
31s88Wpiq7lyI1sTFcsI0DkaZW5RM/WICTuhQtGZsqCduJh0XPvB7pMCDkN50uqo
ednXmEypPLULss+QfKGP4KT9Bsk5viFuzkLXSs9meXwnkR7pwTZreivfXsgXE7wQ
6QIDAQAB
-----END PUBLIC KEY-----
10. salt-key options:
-a: accept one minion's key
-A: accept all pending keys (this also accepts keys from any host you did not intend to manage; prefer -a after checking the fingerprint)
-L: list all keys (accepted, unaccepted and rejected)
-d: delete one minion's key
-D: delete all keys
-f <id>: print one key's fingerprint; -F: print all fingerprints. Before accepting, compare the master's value with the one the minion itself reports via "salt-call --local key.finger"; if they differ, the pending key did not come from that minion.
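The fingerprint comparison behind salt-key -f / key.finger, worked through offline on the two public keys printed in section 9. This is an added example, not part of the original post or of Salt's own code: it decodes each PEM to DER, checks it really is a 2048-bit RSA key with exponent 65537, and compares SHA-256 fingerprints of the DER. The values it prints will not equal the output of salt-key -F, which hashes the key file as stored using the master's configured hash_type; the point is the same, that the key the master holds under the minion's id must match the key the minion generated. The tampered copy is constructed here by changing one character of the modulus, which is what a substituted key would look like on disk.

```python
"""Cross-check Salt minion/master public keys by fingerprint before salt-key -a."""
import base64
import hashlib
import hmac

# PEM files as printed in section 9: master.pub from /etc/salt/pki/master on the
# master and minion.pub from /etc/salt/pki/minion on node6. The copies each side
# holds of the other (minion_master.pub, minions/node6.a.com) are the same text.
MASTER_PUB = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjBP4H+twndPlHylh/m9
rD/E5CNX0Tl6Bu0/RhxhVJxtmp4fcFhNaKEc/Rf3HF8hYav5FB1wH/HODM9wd1gO
Q7P1eOtE8NlW3l6np9maAFCMwjIT97R5lVIPy4ZqRmNzYVu/k0xmHLehjgIipaW2
KT240QyS5a0VI0T+rZLpX5oCrQ+6T6yHQmZLYZFOSAaHpDqYV7YzcirVAekTW0VM
de2Dfk+eet3nsUIIEMTy4IOYsq4kDQAvi/0xRga1HVZOlg9CEHKGOFNE7OFxD7JH
IHcpw1GOV6ZOoIMmXAr1DcWjtcRiGu6SKHVmZpvUwY2LAIeJIaTK98Cbw8qkwymS
HwIDAQAB
-----END PUBLIC KEY-----"""

MINION_PUB = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39/NdTOO3Dh52daFB8iW
LA1WUA8qjnAndywnOnHh4KNhgsI1uvrBasVpSM1uIIUxTfa2IYweuV+896CX+jyT
5shh8u4NqIMglEmZNqxmmKUoPphZW9jDr/KcqXF6w5NHLh0UmA4mFtpyJUkZuEw5
4Gi9CLCari3rF3oZ+nJcfu19bpyT0grE/zUV0RF+lZrYWb/peAt5J/p4O1ueE/SS
31s88Wpiq7lyI1sTFcsI0DkaZW5RM/WICTuhQtGZsqCduJh0XPvB7pMCDkN50uqo
ednXmEypPLULss+QfKGP4KT9Bsk5viFuzkLXSs9meXwnkR7pwTZreivfXsgXE7wQ
6QIDAQAB
-----END PUBLIC KEY-----"""

# Constructed for this example: one base64 character of the modulus changed, as a
# key substituted by a man-in-the-middle would differ from what the minion shows.
TAMPERED_MINION_PUB = MINION_PUB.replace("LA1WUA8qjn", "LA1WUA8rjn", 1)


def pem_to_der(pem):
    """Strip the PEM armour and decode the base64 body to DER bytes."""
    body = "".join(line.strip() for line in pem.strip().splitlines()
                   if not line.startswith("-----"))
    return base64.b64decode(body, validate=True)


def _tlv(buf, off):
    """Read one DER tag/length/value at buf[off]; return (tag, value, next_off)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def rsa_params(der):
    """Return (modulus_bits, public_exponent) from a SubjectPublicKeyInfo DER."""
    _, spki, _ = _tlv(der, 0)               # SEQUENCE { algorithm, subjectPublicKey }
    _, _alg, off = _tlv(spki, 0)            # AlgorithmIdentifier (rsaEncryption), skipped
    tag, bits, _ = _tlv(spki, off)          # BIT STRING wrapping RSAPublicKey
    assert tag == 0x03, "expected BIT STRING"
    _, rsa, _ = _tlv(bits[1:], 0)           # drop the unused-bits byte, then SEQUENCE
    _, n, off = _tlv(rsa, 0)                # INTEGER modulus
    _, e, _ = _tlv(rsa, off)                # INTEGER publicExponent
    return int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")


def fingerprint(pem, algo="sha256"):
    """Colon-separated hex digest of the DER key, independent of PEM line wrapping."""
    digest = hashlib.new(algo, pem_to_der(pem)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def keys_match(pem_a, pem_b):
    """True when both PEMs carry the same key (constant-time string compare)."""
    return hmac.compare_digest(fingerprint(pem_a), fingerprint(pem_b))


if __name__ == "__main__":
    for name, pem in (("master.pub", MASTER_PUB), ("node6.a.com", MINION_PUB)):
        bits, e = rsa_params(pem_to_der(pem))
        print(f"{name}: RSA-{bits} e={e} {fingerprint(pem)}")
    print("tampered copy accepted?", keys_match(MINION_PUB, TAMPERED_MINION_PUB))
```

In practice the two sides are obtained with "salt-key -f node6.a.com" on the master (reading /etc/salt/pki/master/minions_pre) and "salt-call --local key.finger" on the minion; the key is accepted with -a only when they agree.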
11. Remote execution with SaltStack:
Match minions with a regular expression:
-E:
[root@node5 ~]# salt -E "(node6|node9).a.com" test.ping
node9.a.com:
    True
node6.a.com:
    True
Or do the matching in top.sls:
base:
  "(node\d\.a\.com)":   # escape the dots; an unescaped "." matches any character
    - match: pcre
    - init.pkg
    - init.limit
-L: an explicit list of minions
[root@node5 ~]# salt -L "node6.a.com,node9.a.com" test.ping
node9.a.com:
    True
node6.a.com:
    True
-S: match by IP address or subnet
[root@node5 ~]# salt -S '192.168.10.0/24' test.ping
node6.a.com:
    True
node9.a.com:
    True
service module:
salt "*" service.get_all   # list all services
[root@node5 ~]# salt "*" service.status sshd   # current state of a service
node9.a.com:
    True
node6.a.com:
    True
[root@node5 ~]# salt "*" service.restart sshd   # restart a service
node9.a.com:
    True
node6.a.com:
    True
salt-cp: copy a file to minions
[root@node5 ~]# salt-cp "*" /etc/hosts /tmp/
{'node6.a.com': {'/tmp/hosts': True}, 'node9.a.com': {'/tmp/hosts': True}}
12. Returning results to MySQL:
By default the minions' returns to the master are printed on the screen; they can instead be written to MySQL, Redis and other stores. Writing to MySQL:
Install MySQL-python on both the minions and the master; without it the returner cannot write to the database.
yum install MySQL-python -y
Create the database:
mysql> CREATE DATABASE salt default character set utf8 default collate utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
Create the tables (the schema from the official mysql returner documentation; its CREATE DATABASE repeats the step above):
CREATE DATABASE `salt` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
USE `salt`;

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `tag` varchar(255) NOT NULL,
  `data` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  `master_id` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Grant access on the MySQL server (the original had "l27.0.0.1" with a letter l, which is not a valid host):
grant all on salt.* to salt@"node5.a.com" identified by "123456";      # the master by hostname
grant all on salt.* to salt@"192.168.10.%" identified by "123456";     # user salt, password 123456, from the 192.168.10 network
grant all privileges on salt.* to salt@"127.0.0.1" identified by "123456";   # local access
flush privileges;   # reload the grant tables
The password in these grants must match mysql.pass in the Salt configuration below. The original also granted salt@'%' with the password 'salt', i.e. access from any address with a second password; a grant that wide is not needed here, and only the master and the minions that will write returns should be allowed to connect. A UTF-8 database can be created in short form as well: create database xx charset utf8;
Configure the master to write to MySQL:
vim /etc/salt/master
mysql.host: '192.168.10.205'   # the MySQL server's address (the original contained a full-width "。" in the IP, which would not parse)
mysql.user: 'salt'
mysql.pass: '123456'
mysql.db: 'salt'
mysql.port: 3306
Every minion also needs MySQL-python and the same settings in /etc/salt/minion:
mysql.host: '192.168.10.205'   # the MySQL server's address, which need not be the master
mysql.user: 'salt'
mysql.pass: '123456'
mysql.db: 'salt'
mysql.port: 3306
With --return mysql (next step) it is the minion that connects and writes, so every minion holds this password and, with the grants above, can insert or delete any row in salt.*; a compromised minion can therefore fabricate or erase results recorded for other minions. Where that matters, use master_job_cache (below), with which only the master needs database access.
Test that data reaches MySQL:
[root@node5 ~]# salt '*' test.ping --return mysql   # send the return to the database as well
mysql> use salt;
mysql> select * from salt_returns;
Have the master write every return to MySQL as it arrives:
mysql.host: '192.168.10.205'
mysql.user: 'salt'
mysql.pass: '123456'
mysql.db: 'salt'
mysql.port: 3306
master_job_cache: mysql   # the master stores the job cache (loads and returns) in MySQL automatically, without --return on each command
Note: prerequisites for writes to MySQL to succeed:
1. The database and tables must follow the schema from the official documentation exactly.
2. Master and minions must be communicating, i.e. salt commands run and return normally.
3. MySQL-python must be installed on the minions.
4. Both the master and the minion configuration files need the mysql.* settings; the minions point at the MySQL server's address (MySQL may not be on the same host as the master).
5. For the master itself to write returns, add master_job_cache: mysql (first make sure salt '*' test.ping --return mysql writes successfully).
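Once returns land in salt_returns, the useful question is rarely "are there rows" but "did every accepted minion answer this job, and did any fail". The following is an added example, not code from the original post or from Salt: it reconciles rows of the shape a DB-API cursor returns for SELECT jid, id, fun, success, `return` FROM salt_returns against the list of accepted minions (what salt-key -L prints). The rows and the minion list are constructed for the example; the jid values mimic Salt's timestamp-style job ids from the state run in section 7. One caveat it handles: success is a varchar(10), and depending on the MySQL-python version the minion's boolean is stored as '1'/'0' or 'True'/'False', so both spellings are accepted.

```python
"""Reconcile salt_returns rows (section 12) with the list of accepted minions."""
import json

# Minion ids whose keys the master has accepted, as salt-key -L would list them
# (constructed for this example).
ACCEPTED_MINIONS = ["node6.a.com", "node9.a.com"]

# Constructed rows in the shape a DB-API cursor returns for
#   SELECT jid, id, fun, success, `return` FROM salt_returns
# jid ...511819: test.ping answered by both minions.
# jid ...000001: cmd.run where the function raised on node9, so the minion
#                recorded success false and the error text as its return.
# jid ...000002: a state run for which node9 never returned at all.
SAMPLE_ROWS = [
    ("20140303235824511819", "node6.a.com", "test.ping", "1", "true"),
    ("20140303235824511819", "node9.a.com", "test.ping", "True", "true"),
    ("20140303235900000001", "node6.a.com", "cmd.run", "1",
     '"Filesystem Type Size Used Avail Use% Mounted on"'),
    ("20140303235900000001", "node9.a.com", "cmd.run", "0",
     '"ERROR executing cmd.run: timeout"'),
    ("20140303235930000002", "node6.a.com", "state.sls", "1",
     '{"pkg_|-pkg.init_|-httpd_|-installed": {"result": true}}'),
]


def is_success(flag):
    """success is varchar(10); the bool arrives as '1'/'0' or 'True'/'False'
    depending on the MySQL-python version, so normalise both spellings."""
    return str(flag).strip().lower() in {"1", "true"}


def reconcile(rows, jid, accepted=ACCEPTED_MINIONS):
    """For one job id return the decoded return per minion, the minions whose
    success flag is false, and the accepted minions that have no row at all."""
    returned, failed = {}, []
    for row_jid, minion, _fun, success, ret_json in rows:
        if row_jid != jid:
            continue
        returned[minion] = json.loads(ret_json)   # `return` is stored as JSON text
        if not is_success(success):
            failed.append(minion)
    missing = sorted(set(accepted) - set(returned))
    return {"returned": returned, "failed": sorted(failed), "missing": missing}


if __name__ == "__main__":
    for jid in sorted({row[0] for row in SAMPLE_ROWS}):
        print(jid, reconcile(SAMPLE_ROWS, jid))
```

Run against a live database, the row list would come from a cursor over salt_returns filtered by jid, and the accepted list from salt-key -L; a minion in "missing" after a test.ping is either down or has lost its connection to the master, which the screen output of salt alone does not record.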