saltstack之远程执行
#########################################TARGETING############################################# salt '*' cmd.run 'w'
linux-node1.example.com:
09:22:01 up 37 min,1 user,load average: 0.00, 0.01, 0.06
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.0.0.1 08:45 1.00s0.95s0.78s /usr/bin/python
linux-node2.example.com:
09:22:01 up 37 min,1 user,load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.0.0.1 08:45 21:14 0.02s0.02s -bash
salt 命令
* 代表指定目标
cmd.run cmd模块的run方法
w 参数
# salt 'linux-node1.example.com' cmd.run 'w'
linux-node1.example.com:
09:28:16 up 43 min,1 user,load average: 0.10, 0.04, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.0.0.1 08:45 1.00s0.98s0.80s /usr/bin/python
# salt 'linux-node.example.com' cmd.run 'w'
通配符:https://docs.saltstack.com/en/latest/topics/targeting/globbing.html#targeting-glob
正则表达式:
-E 显示正则匹配
例子:
# salt -E 'linux-(node1|node2).example.com' test.ping
linux-node2.example.com:
True
linux-node1.example.com:
True
-L 显示列表
例子:
# salt -L 'linux-node1.example.com,linux-node2.example.com' test.ping
linux-node2.example.com:
True
linux-node1.example.com:
True
grains:https://docs.saltstack.com/en/latest/topics/targeting/grains.html
例子:
# salt -G 'os:CentOS' test.ping -G指定为grains
linux-node1.example.com:
True
linux-node2.example.com:
True
指定目标主机:https://docs.saltstack.com/en/latest/topics/targeting/pillar.html
# salt -I 'apache:httpd' test.ping -I指定目标主机
linux-node1.example.com:
True
linux-node2.example.com:
True
匹配子网或者IP地址:https://docs.saltstack.com/en/latest/topics/targeting/ipcidr.html
例一:
# salt -S 10.0.0.8 test.ping -S 匹配IP地址
linux-node2.example.com:
True
例二:
# salt -S 10.0.0.0/24 test.ping -S 匹配子网
linux-node2.example.com:
True
linux-node1.example.com:
True
例三:
# salt -C 'S@10.0.0.8 or G@web:nginx' test.ping -C 混合使用 -S 匹配IP地址 -G匹配grains
linux-node2.example.com:
True
linux-node1.example.com:
True
混合使用:https://docs.saltstack.com/en/latest/topics/targeting/compound.html
节点组(NODE GROUPS):https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html -N 匹配节点组
#####################################################TARGETING#########################################################
远程执行模块
#########################################FULL LIST OF BUILTIN STATE MODULES############################################
远程执行模块:https://docs.saltstack.com/en/latest/ref/modules/all/index.html
service模块讲解:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#module-salt.modules.service
场景1:判断当前服务是否在运行
# salt '*' service.available sshd
linux-node2.example.com:
True
linux-node1.example.com:
True
场景2:显示当前正在运行的服务:
# salt '*' service.get_all
场景3:如果服务正在运行则返回false:
# salt '*' service.missing sshd
linux-node1.example.com:
False
linux-node2.example.com:
False
场景4:服务的启动,关闭,重启,加载及状态:
# salt '*' service.start/stop/restart/reload/status httpd
network模块讲解:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#module-salt.modules.network
场景1: 返回所有活动的tcp链接:
# salt '*' network.active_tcp
场景2: 返回arp
# salt '*' network.arp
场景3: 返回所有eth0的网卡的相关内容
# salt '*' network.interface eth0
模块的acl:权限控制管理
# vim /etc/salt/master
client_acl: 指定oldboy用户只能运行test.ping和network模块
oldboy:
- test.ping
- network.*
# useradd oldboy 添加oldboy用户
# passwd oldboy 设置oldboy用户密码
更改用户 oldboy 的密码 。
新的 密码:
无效的密码: 过于简单化/系统化
无效的密码: 过于简单
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。
# chmod 777 /var/log/salt/master
# chmod 755 /var/cache/salt/ /var/cache/salt/master/ /var/cache/salt/master/jobs/ /var/run/salt /var/run/salt/master/
# su - oldboy
$ salt '*' test.ping ======>此处用oldboy用户执行test.ping能够成功返回,证明oldboy用户可以使用此命令
linux-node2.example.com:
True
linux-node1.example.com:
True
$ salt '*' cmd.run 'w' ======>此处用oldboy用户执行别的命令会报错,因为salt-master的配置文件中没有指定,证明acl设置成功
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
acl中的正则匹配:
场景1 user01只能在linux-node1上执行test.ping命令
# vim /etc/salt/master
client_acl:
oldboy:
- test.ping
- network.*
user01:
- linux-node1*:
- test.ping
# /etc/init.d/salt-master restart
Stopping salt-master daemon: [确定]
Starting salt-master daemon: [确定]
# useradd user01
# su - user01
$ salt 'linux-node1*' test.ping
linux-node1.example.com:
True
$ salt '*' test.ping
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
禁止使用***模块,在master配置文件中配置blacklist即可
#########################################FULL LIST OF BUILTIN STATE MODULES############################################
返回模块
#########################################FULL LIST OF BUILTIN RETURNER MODULES############################################
返回数据至mysql数据库:https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html#module-salt.returners.mysql
创建salt数据库及所需表:
CREATE DATABASE`salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
最后一定要记得授权,至关重要:
mysql> grant all on salt.* to salt@'10.0.0.0/255.255.255.0' identified by 'salt';
Query OK, 0 rows affected (0.00 sec)
返回程序是minion返回的,所以在所有minion端都必须要安装MySQL-python包
# yum install MySQL-python -y
# yum install MySQL-python -y
在每个master和minion的配置文件末尾加上以下配置,则OK
# vim /etc/salt/minion
# vim /etc/salt/minion
# vim /etc/salt/master
mysql.host: '10.0.0.7'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
修改之后重新启动salt-master和salt-minion服务
/etc/init.d/salt-master restart
/etc/init.d/salt-minion restart
然后刷新pillar
# salt '*' saltutil.refresh_pillar
linux-node2.example.com:
True
linux-node1.example.com:
True
# salt '*' test.ping --return mysql
linux-node1.example.com:
True
linux-node2.example.com:
True
之后查询数据库,则出现返回的数据:
mysql> select * from salt.salt_returns;
+-----------+----------------------+--------+-------------------------+---------
+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| fun | jid | return | id | success | full_ret
| alter_time |
+-----------+----------------------+--------+-------------------------+---------
+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| test.ping | 20151117113743783244 | true | linux-node1.example.com | 1 | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun":
"test.ping", "id": "linux-node1.example.com"} | 2015-11-17 11:37:43 |
| test.ping | 20151117113743783244 | true | linux-node2.example.com | 1 | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun":
"test.ping", "id": "linux-node2.example.com"} | 2015-11-17 11:37:43 |
+-----------+----------------------+--------+-------------------------+---------
+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
2 rows in set (0.00 sec)
则代表返回成功。
#####################################################################return: mysql############################################################################
将minion端和master端的注释打开,则无需指定--return mysql,如下所示:
#return: mysql ================> return: mysql
重新启动salt-master和salt-minion
# salt '*' cmd.run 'w' ======================>在master端执行以下命令
linux-node2.example.com:
11:41:38 up2:56,1 user,load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.0.0.1 08:45 15:17 0.09s0.09s -bash
linux-node1.example.com:
11:41:38 up2:57,2 users,load average: 0.34, 0.14, 0.10
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.0.0.1 10:44 3:06 0.37s0.10s mysql
root pts/1 10.0.0.1 11:32 1.00s0.91s0.86s /usr/bin/python
在库中查看:
mysql> select * from salt.salt_returns;
+-----------+----------------------+--------+-------------------------+---------
+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| fun | jid | return | id | success | full_ret
| alter_time |
+-----------+----------------------+--------+-------------------------+---------
+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| test.ping | 20151117113743783244 | true | linux-node1.example.com | 1 | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun":
"test.ping", "id": "linux-node1.example.com"} | 2015-11-17 11:37:43 |
| test.ping | 20151117113743783244 | true | linux-node2.example.com | 1 | {"fun_args": [], "jid": "20151117113743783244", "return": true, "retcode": 0, "success": true, "fun":
"test.ping", "id": "linux-node2.example.com"} | 2015-11-17 11:37:43 |
+-----------+----------------------+--------+-------------------------+---------
+-----------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
2 rows in set (0.00 sec)
mysql> select * from salt.salt_returns;
| cmd.run | 20151117114138375756 | " 11:41:38 up2:56,1 user,load average: 0.00, 0.00, 0.00\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot pts/0
10.0.0.1 08:45 15:17 0.09s0.09s -bash" | linux-node2.example.com | 1 | {"fun_args":
["w"], "jid": "20151117114138375756", "return": " 11:41:38 up2:56,1 user,load average: 0.00, 0.00, 0.00\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot
pts/0 10.0.0.1 08:45 15:17 0.09s0.09s -bash", "retcode": 0, "success": true, "fun": "cmd.run", "id": "linux-node2.example.com"}
| 2015-11-17 11:41:38 |
| cmd.run | 20151117114138375756 | " 11:41:38 up2:57,2 users,load average: 0.34, 0.14, 0.10\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot pts/0
10.0.0.1 10:44 3:06 0.37s0.10s mysql\nroot pts/1 10.0.0.1 11:32 1.00s0.91s0.86s /usr/bin/python" | linux-node1.example.com | 1 | {"fun_args":
["w"], "jid": "20151117114138375756", "return": " 11:41:38 up2:57,2 users,load average: 0.34, 0.14, 0.10\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot
pts/0 10.0.0.1 10:44 3:06 0.37s0.10s mysql\nroot pts/1 10.0.0.1 11:32 1.00s0.91s0.86s /usr/bin/python", "retcode": 0, "success": true, "fun":
"cmd.run", "id": "linux-node1.example.com"} | 2015-11-17 11:41:38 |
2 rows in set (0.00 sec)
已返回两行,则代表去掉master和minion中的注释,无需加--return mysql,数据仍可返回,OK
############################################################################return: mysql############################################################################
###########################################################################master_job_cache##########################################################################
参考网址:https://docs.saltstack.com/en/latest/topics/jobs/job_cache.html
使用job_cache:
# vim /etc/salt/master
742 master_job_cache: mysql
743 mysql.host: '10.0.0.7'
744 mysql.user: 'salt'
745 mysql.pass: 'salt'
746 mysql.db: 'salt'
747 mysql.port: 3306
重新启动salt-master
# salt '*' cmd.run 'free -m'
linux-node1.example.com:
total used free shared buffers cached
Mem: 1873 886 986 2 124 247
-/+ buffers/cache: 515 1358
Swap: 1023 0 1023
linux-node2.example.com:
total used free shared buffers cached
Mem: 1873 385 1487 0 29 218
-/+ buffers/cache: 137 1736
Swap: 1023 0 1023
在数据库中查看结果,里面有返回的free -m数据
mysql> select * from salt.salt_returns;
| cmd.run | 20151117115059880549 | " total used free shared buffers cached\nMem: 1873 886 986 2 124
247\n-/+ buffers/cache: 515 1358 \nSwap: 1023 0 1023" | linux-node1.example.com | 1 |
{"fun_args": ["free -m"], "jid": "20151117115059880549", "return": " total used free shared buffers cached\nMem: 1873 886 986
2 124 247\n-/+ buffers/cache: 515 1358 \nSwap: 1023 0 1023", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2015-11-
17T03:51:00.124707", "fun": "cmd.run", "id": "linux-node1.example.com"} | 2015-11-17 11:51:00 |
| cmd.run | 20151117115059880549 | " total used free shared buffers cached\nMem: 1873 385 1487 0 29
218\n-/+ buffers/cache: 137 1736 \nSwap: 1023 0 1023" | linux-node2.example.com | 1 |
{"fun_args": ["free -m"], "jid": "20151117115059880549", "return": " total used free shared buffers cached\nMem: 1873 385 1487
0 29 218\n-/+ buffers/cache: 137 1736 \nSwap: 1023 0 1023", "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2015-11-
17T03:51:00.164240", "fun": "cmd.run", "id": "linux-node2.example.com"} | 2015-11-17 11:51:00 |
则代表master_job_cache生效,这里不是minion直接返回,而是minion将数据传输给master,而master将数据写入数据库中
###########################################################################master_job_cache##########################################################################
页:
[1]