运维实战 自动化运维 SaltStack入门
简介
Saltstack是一个分布式远程执行系统, 用来在远程节点上执行命令和查询数据, 能够维护预定义状态的远程节点.
核心功能
-
并行发送命令到远端主机, 效率更高
-
使用安全加密协议
-
最小最快的网络载荷
-
提供简单的编程接口
同时, 因为采用SC模式且引入了更细致的领域控制系统, 命令的执行对象不仅可以是主机名, 也可以是符合某一系统属性的主机群体.
4505是其发送端口
4506是其接收端口, 用来接收请求响应报文
Salt命令由三个主要部分构成:
salt '<target>' <function> [arguments]
target 指定哪些minion,默认使用glob匹配minion id
也可以使用正则表达式
也可以指定列表
安装部署
rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
/etc/yum.repos.d/saltstack.repo
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
Run sudo yum clean expire-cache.
Run sudo yum update.
Install the salt-minion, salt-master, or other Salt components:
yum install salt-master
yum install salt-minion
yum install salt-ssh
yum install salt-syndic
yum install salt-cloud
##在管理端安装master
yum install -y salt-master
systemctl enable salt-master
systemctl start salt-master
##在客户端安装minion
yum install -y salt-minion
##修改配置文件增加主机设置
vim /etc/salt/minion
master: 172.25.5.1
systemctl enable salt-minion
systemctl start salt-minion
简单使用
##启用管理端服务
[root@Server1 ~]# systemctl enable --now salt-master.service
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
##在开启了客户端后,管理端可以看到未被允许的Key
[root@Server1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Server2
Rejected Keys:
[root@Server1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Server2
Server3
Rejected Keys:
##同意所有key
[root@Server1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
Server2
Server3
Proceed? [n/Y] Y
Key for minion Server2 accepted.
Key for minion Server3 accepted.
[root@Server1 ~]# salt-key -L
Accepted Keys:
Server2
Server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
##此时,客户端与管理端已经建立连接了,进行测试
[root@Server1 ~]# salt '*' test.ping
Server2:
True
Server3:
True
##简单编写一个部署Apache的脚本并测试
[root@Server1 _modules]# vim /srv/salt/Apache.sls
[root@Server1 _modules]# salt '*' state.sls Apache
Server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: httpd
Started: 14:35:21.096991
Duration: 6100.891 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-88.el7
old:
httpd-tools:
----------
new:
2.4.6-88.el7
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
Summary for Server2
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 6.101 s
Server3:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: httpd
Started: 14:35:21.290611
Duration: 6127.828 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-88.el7
old:
httpd-tools:
----------
new:
2.4.6-88.el7
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
Summary for Server3
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 6.128 s
文件内容
httpd:
pkg.installed:
- name: httpd
自行编写模块
##编写一个查看硬盘挂载信息的模块
[root@Server1 _modules]# vim /srv/salt/_modules/mydisk.py
def df():
return __salt__['cmd.run']('df -h')
##传输给Server2
[root@Server1 _modules]# salt Server2 saltutil.sync_modules
Server2:
- modules.mydisk
##可以通过该模块对Server2进行操作了
[root@Server1 _modules]# salt Server2 mydisk.df
Server2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 17G 1.2G 16G 8% /
devtmpfs 484M 0 484M 0% /dev
tmpfs 496M 100K 496M 1% /dev/shm
tmpfs 496M 13M 483M 3% /run
tmpfs 496M 0 496M 0% /sys/fs/cgroup
/dev/vda1 1014M 132M 883M 14% /boot
tmpfs 100M 0 100M 0% /run/user/0
编译安装源码的方式
/nginx/install.sls
nginx-install:
pkg.installed:
- pkgs:
- pcre-devel
- gcc
- openssl-devel
file.managed:
- source: salt://nginx/files/nginx-1.18.0.tar.gz
- name: /mnt/nginx-1.18.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.18.0.tar.gz && cd nginx-1.18.0 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module &> /dev/null && make &> /dev/null && make install &> /dev/null
- creates: /usr/local/nginx
init.sls
include:
- nginx.install
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/files/nginx.conf
nginx-service:
file.managed:
- source: salt://nginx/files/nginx.service
- name: /etc/systemd/system/nginx.service
service.running:
- name: nginx
- enable: True
- reload: True
- watch:
- file: /usr/local/nginx/conf/nginx.conf
top.sls
base: 'Server2': - apache 'Server3': - nginx
执行方式
salt '*' state.highstate
执行情况
[root@Server1 salt]# salt '*' state.highstate
Server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 15:33:27.464898
Duration: 706.589 ms
Changes:
Summary for Server2
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 706.589 ms
Server3:
----------
ID: nginx-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 15:33:27.667848
Duration: 739.729 ms
Changes:
----------
ID: nginx-install
Function: file.managed
Name: /mnt/nginx-1.18.0.tar.gz
Result: True
Comment: File /mnt/nginx-1.18.0.tar.gz is in the correct state
Started: 15:33:28.410887
Duration: 39.863 ms
Changes:
----------
ID: nginx-install
Function: cmd.run
Name: cd /mnt && tar zxf nginx-1.18.0.tar.gz && cd nginx-1.18.0 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module &> /dev/null && make &> /dev/null && make install &> /dev/null
Result: True
Comment: /usr/local/nginx exists
Started: 15:33:28.452094
Duration: 0.847 ms
Changes:
----------
ID: /usr/local/nginx/conf/nginx.conf
Function: file.managed
Result: True
Comment: File /usr/local/nginx/conf/nginx.conf is in the correct state
Started: 15:33:28.453164
Duration: 13.671 ms
Changes:
----------
ID: nginx-service
Function: file.managed
Name: /etc/systemd/system/nginx.service
Result: True
Comment: File /etc/systemd/system/nginx.service is in the correct state
Started: 15:33:28.467170
Duration: 13.336 ms
Changes:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: The service nginx is already running
Started: 15:33:28.481955
Duration: 54.933 ms
Changes:
Summary for Server3
------------
Succeeded: 6
Failed: 0
------------
Total states run: 6
Total run time: 862.379 ms
测试
[root@Server3 salt]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Grains与Pillar详解
Grains
Grains是SaltStack的一个组件, 存放在SaltStack的minion端.
当salt-minion启动时会把收集到的数据静态存放在Grains<
最低0.47元/天 解锁文章
扫一扫
311
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
