安装和配置saltstack
安装salt-masterrpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install -y salt-master
mkdir /srv/salt
vim /etc/salt/master
修改
interface: 10.101.20.60
启动salt-master
/etc/init.d/salt-master start
chkconfig salt-master --level 35 on
分组
vim /etc/salt/master
nodegroups:
group1: 'L@10.101.20.61,10.101.20.62,10.101.20.63'
安装salt-minion
vim install_salt_minion.sh
#!/bin/bash
if [ -f "/etc/salt/minion" ];then
echo "salt-minion had installed!"
exit
fi
# get network ip addr function
function getIP()
{
NET=$1
if [ "$NET" = "" ]; then
NET="eth0"
fi
IP=""
if [ $(ifconfig | grep "$NET" | wc -l) -gt 0 ]; then
IP=$(ifconfig $NET | grep 'inet addr:' | awk -F: '{print $2}' | awk '{print $1}')
fi
echo $IP
}
SERVER_ADDR="10.3.2.115"
LOCAL_ADDR=$(getIP eth0)
if [ "$LOCAL_ADDR" = "" ];then
LOCAL_ADDR=$(getIP bond0)
fi
VER=$(cat /etc/redhat-release | awk '{print $3}')
if [ "$VER" = "6.5" ];then
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
elif [ "$VER" = "5.7" ];then
rpm -ivh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget --no-check-certificate https://copr.fedoraproject.org/coprs/saltstack/salt-el5/repo/epel-5/saltstack-salt-el5-epel-5.repo -O /etc/yum.repos.d/saltstack-copr-el5.repo
else
exit 1
fi
yum install -y python salt-minion
sed -i "/^#master: salt/a\master: $SERVER_ADDR" /etc/salt/minion
sed -i "/^#id:/a\id: $LOCAL_ADDR" /etc/salt/minion
/etc/init.d/salt-minion start
chkconfig salt-minion --level 35 on
echo "00 01 * * * /etc/init.d/salt-minion restart >/dev/null 2>&1" >> /var/spool/cron/root
在salt-master服务器上执行操作
认证命令
salt-key -L 显示已经认证或未认证的被控端id
salt-key -D 删除所有认证主机id证书
salt-key -d 'id' 删除单个id证书
salt-key -A 接受所有id证书请求
salt-key -a 'id' 接受单个id证书请求
常用测试命令
salt '*' test.ping
salt '*' cmd.run 'uptime'
salt -L '10.101.20.61' cmd.run 'uptime'
salt -N 'group1' cmd.run 'uptime'
salt -L '10.101.20.61' cp.get_file salt://zabbix/zabbix-2.4.4.tar.gz /usr/local/src/zabbix-2.4.4.tar.gz
salt '10.101.20.61' grains.ls 列出grains所有items
salt '10.101.20.61' grains.items 打印grains所有items值
salt '10.101.20.61' grains.item id 查看grains单个item值
使用saltstack安装zabbix agent
vim /srv/salt/zabbix/install_zabbix_agent.sls
添加
/usr/local/src/zabbix-2.4.4.tar.gz:
file.managed:
- source: salt://zabbix/zabbix-2.4.4.tar.gz
- user: root
- group: root
- mode: 644
/usr/local/src/install_zabbix_agent.sh:
cmd.script:
- source: salt://zabbix/install_zabbix_agent.sh
- user: root
- shell: /bin/bash
salt -L '192.168.1.101' state.sls zabbix.install_zabbix_agent -v
使用saltstack调用系统命令管理系统用户
添加用户并设置密码
salt -L '192.168.1.101' cmd.run '/usr/sbin/useradd -u 1001 -g 1001 -p 123456zhao' -v
设置用户密码
salt -L '192.168.1.101' cmd.run '/bin/echo 123456 | /usr/bin/passwd --stdin zhao' -v
删除用户
salt -L '192.168.1.101' cmd.run '/usr/sbin/userdel -r zhao' -v
开启SSH KEY登陆
salt -L '192.168.1.101' cmd.run "/bin/sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config;/etc/init.d/sshd restart" -v
用户添加公钥
salt -L '192.168.1.101' cmd.run '/bin/mkdir /home/zhao/.ssh' -v
salt -L '192.168.1.101' cmd.run '/bin/echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuhy3wPKiJv7dYgR6doUYpU40hGDmfc7DWNYXVA6Ld/CQKUquKJSfrxAXXkLrFiaBg8REt+HZnm0ofCJeJBPr8CiKxOu692TFbBIx7/YekAk/QMpG9CS0emEAsFLBXaJPN2f0NIHrnyxQNF5Zxd+yi3EQe3UTZ67uDtJW/WDAeLdIldk8DlWpI8IhORGuvWmuae3c5j6KV82yySB4RBaHNOCKPcIMyQqNS09ycTbTVIv8TWD3iq1sIf3iLhSvNTNKWSDMnqcMQ5+d+CSwT3bpEgqWT5FKlHVJWdMhcSnfzJ7oyBIjMxBPxvY8k1kVawwJjw7FO5MutwsfPebbjq6tMw==
root@localhost.localdomain" >> /home/zhao/.ssh/authorized_keys' -v
salt -L '192.168.1.101' cmd.run '/bin/chown -R zhao /home/zhao/.ssh' -v
salt -L '192.168.1.101' cmd.run '/bin/chmod 600 /home/zhao/.ssh/authorized_keys' -v
saltstack管理用户
vim useradd.sls
user1:
user.present:
- fullname: user1
- password: '$1$jQCCbRPU$LsDTUmQ9CoDoM8IwiDFMy0'
- shell: /bin/bash
- home: /home/user1
- uid: 1001
- gid: 1001
- require:
- group: zucheops
user2:
user.present:
- fullname: user2
- password: '$1$jQCCbRPU$LsDTUmQ9CoDoM8IwiDFMy0'
- shell: /bin/bash
- home: /home/user2
- uid: 1002
- gid: 1001
- require:
- group: zucheops
zucheops:
group.present:
- gid: 1001
vim userdel.sls
user2:
user.absent:
- purge: True
- force: True
PYTHON程序调用saltstack API
vimtest.py
#!/usr/bin/python
import salt.client
client = salt.client.LocalClient()
ret = client.cmd('*', 'test.ping')
ret = client.cmd('*', 'cmd.run', ['hostname'])
print ret
以下为state.sls递归复制目录
vim /srv/salt/global/deployment_api/init.sls
/KTSGAPI/ktsg-api:
file.recurse:
- source: salt://global/deployment_api/ktsg-api
- user: root
- group: root
- dir_mode: 755
- file_mode: 755
- recurse:
- user
- group
salt -N 'KT-API-G1' state.sls global.deployment_api -v | tee /root/deployment_api.log
jiajia模板
vim test/nginx.sls
/usr/local/src/nginx.conf:
file.managed:
- source: salt://test/nginx.conf
- user: root
- group: root
- mode: 644
- template: jinja
vim test/nginx.conf
{% if grains['id'] == '10.101.20.61' %}
id: 10.101.20.61
{% elif grains['id'] == '10.101.20.62' %}
id: 10.101.20.62
{% elif grains['id'] == '10.101.20.63' %}
id: 10.101.20.63
{% else %}
id:
{% endif %}
salt '*' state.sls test.nginx -v
页:
[1]