0.16版本salt的安装与日常应用
本帖最后由 786yr 于 2014-7-22 10:27 编辑现在分享一下我对0.16版本salt的学习笔记
一、安装
1、在ubuntu系统安装
添加源
debhttp://debian.saltstack.com/debian wheezy-saltstack main
把这个源放到/etc/apt/sources.list
更新源
apt-get update
安装服务端或者客户端
apt-get installsalt-master
apt-get installsalt-minion
2、redhat或者centos的话,安装使用需要安装第三个源
如果你是5版本
1
wget http://dl.cpis-opt.com/huanw/shencan/epel-release-5-4.noarch.rpm && rpm -vih epel-release-5-4.noarch.rpm
如果是6版本,使用
1
2
3
wget http://download.fedoraproject.or ... ease-6-8.noarch.rpm
yum install salt-master
yum install salt-minion
1
2
3
The Salt master communicates with the minions using an AES-encrypted ZeroMQ connection. These communications are done over ports 4505 and 4506, which need to be accessible on the master only. This document outlines suggested firewall rules for allowing these incoming connections to the master.
Note
No firewall configuration needs to be done on Salt minions. These changes refer to the master only.
二、配置
在master端配置
1
2
vim /etc/salt/master
interface: 192.168.56.102
写成你本机的ip
在slave端配置
1
2
vim /etc/salt/minion
master: 192.168.56.102
写你服务端的ip
1
id: localhost
是注明自己的标示。
客户端/etc/init.d/salt-minion start 日志文件默认是这个/var/log/salt/minion
服务端/etc/init.d/salt-master start 日志文件默认是这个/var/log/salt/master
1
2
3
4
5
6
# salt-key -L
Accepted Keys:
server.hadoop.com
Unaccepted Keys:
localhost
Rejected Keys:
查看你的key情况
同意加入localhost
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# salt-key -L
Accepted Keys:
server.hadoop.com
Unaccepted Keys:
localhost
Rejected Keys:
# salt-key -a localhost
Key for minion localhost accepted.
# salt-key -L
Accepted Keys:
localhost
server.hadoop.com
Unaccepted Keys:
Rejected Keys:
查看一下网络连接情况(也就是看看能否连接客户端)
1
2
3
4
5
# salt '*' test.ping
localhost:
True
server.hadoop.com:
True
先前使用*代表所有机器,如果想单独的话,可以使用
1
2
3
# salt 'localhost' cmd.run hostname
localhost:
centos
如果想运行多个的话,可以使用-L
1
2
3
4
5
# salt -L 'server.hadoop.com,localhost' cmd.run hostname
server.hadoop.com:
server.hadoop.com
localhost:
centos
还可以使用正则
1
2
3
# salt -E 'server*' cmd.run hostname
server.hadoop.com:
server.hadoop.com
-G 这个参数很强大会根据默认的grain的结果来指定最新 grain这个东西就像puppet里面的facter这个东西
1
2
3
4
5
6
# salt -G 'os:Centos' test.ping
localhost:
True
# salt -G 'os:Ubuntu' test.ping
server.hadoop.com:
True
如果想查看哪个项的话
1
2
3
4
5
# salt '*' grains.item os
server.hadoop.com:
os: Ubuntu
localhost:
os: CentOS
执行python代码
1
2
3
4
5
6
7
# salt '*' cmd.exec_code python 'import sys;print sys.version'
localhost:
2.6.6 (r266:84292, Feb 22 2013, 00:00:18)
server.hadoop.com:
2.7.3 (default, Aug1 2012, 05:14:39)
分组操作
在master里配置
1
2
3
nodegroups:
group1: 'localhost'
group2: 'server.hadoop.com'
可以把localhost分给group1,server.hadoop.com分给group2
然后重启salt-master
1
2
3
4
5
6
# salt -N group1 test.ping
localhost:
True
# salt -N group2 test.ping
server.hadoop.com:
True
查看网卡ip
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# salt 'localhost' network.interfaces
localhost:
----------
eth0:
----------
hwaddr:
08:00:27:59:bb:1f
inet:
----------
- address:
192.168.56.102
- broadcast:
192.168.56.255
- label:
eth0
- netmask:
255.255.255.0
inet6:
----------
- address:
fe80::a00:27ff:fe59:bb1f
- prefixlen:
64
up:
True
eth1:
----------
hwaddr:
08:00:27:ba:ad:23
inet:
----------
- address:
192.168.14.182
- broadcast:
192.168.14.255
- label:
eth1
- netmask:
255.255.255.0
inet6:
----------
- address:
fe80::a00:27ff:feba:ad23
- prefixlen:
64
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
----------
- address:
127.0.0.1
- broadcast:
None
- label:
lo
- netmask:
255.0.0.0
inet6:
----------
- address:
::1
- prefixlen:
128
up:
True
下面是我的测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# salt -C 'G@os:ubuntu' test.ping
server.hadoop.com:
True
# salt -C 'E@server.\w+' test.ping
server.hadoop.com:
True
# salt -C 'P@os:(centos)' test.ping
localhost:
True
# salt -C 'P@os:(centos|ubuntu)' test.ping
server.hadoop.com:
True
localhost:
True
# salt -C 'L@localhost,server.hadoop.com' test.ping
server.hadoop.com:
True
localhost:
True
# salt -C 'S@192.168.56.0/24' test.ping
server.hadoop.com:
True
localhost:
True
查看磁盘空间
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# salt 'localhost' disk.usage
localhost:
----------
/:
----------
1K-blocks:
28423176
available:
21572708
capacity:
21%
filesystem:
/dev/mapper/vg_centos-lv_root
used:
5406628
/boot:
----------
1K-blocks:
495844
available:
438658
capacity:
7%
filesystem:
/dev/sda1
used:
31586
/dev/shm:
----------
1K-blocks:
510204
available:
510204
capacity:
0%
filesystem:
tmpfs
used:
0
# df -h
Filesystem SizeUsed Avail Use% Mounted on
/dev/mapper/vg_centos-lv_root
28G5.2G 21G21% /
tmpfs 499M 0499M 0% /dev/shm
/dev/sda1 485M 31M429M 7% /boot
如果想查看所有minion的连接情况,可以使用salt-run manage.status
1
2
3
4
5
6
7
8
9
10
11
12
13
# salt '*' test.ping
server.hadoop.com:
True
localhost:
True
#
#
# salt-run manage.status
down:
- 230
up:
- localhost
- server.hadoop.com
如果想安装软件可以使用pkg.install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# salt 'localhost' pkg.install dos2unix
Loaded plugins: fastestmirror
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.esocc.com
* epel: mirrors.vinahost.vn
* extras: mirror.esocc.com
* rpmforge: mirror1.hs-esslingen.de
* updates: centosc6.centos.org
Running rpm_check_debug
Loaded plugins: fastestmirror
localhost:
----------
dos2unix:
----------
new:
3.1-37.el6
old:
# rpm -qa|grep dos2unix
dos2unix-3.1-37.el6.x86_64
查看你已经安装的包
1
salt 'localhost' pkg.list_pkgs
删除包
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# salt 'localhost' pkg.remove echoping
Loaded plugins: fastestmirror
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.esocc.com
* epel: mirror.neu.edu.cn
* extras: mirror.esocc.com
* rpmforge: mirrors.neusoft.edu.cn
* updates: mirror.esocc.com
Running rpm_check_debug
Loaded plugins: fastestmirror
localhost:
- echoping
# rpm -qa|grep echoping
查看你repos(由于内容过多,我就只列出命令了)
1
salt 'localhost' pkg.list_repos
三、配置类似puppet操作
由于我的master上的存放信息目录是在/var/salt上
1
2
3
file_roots:
base:
- /var/salt/
所以进入换个目录
下面是我的配置
1
2
3
4
# cat top.sls
base:
'*': #对象名,我使用*代表所有
- vim #资源文件名
如果你的资源文件存放在一个目录里,比如在/var/salt/apache/vim.sls,
那么可以写为
1
-apache.vim
代表apache目录下的vim.sls
下面测试
Top里内容为
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# cat top.sls
base:
'localhost':
- echoping.echoping#代表echoping目录下的echoping.sls文件
# pwd
/var/salt/echoping
# cat echoping.sls
echoping: #id宣告
pkg:#安装包管理
- name: echoping #安装哪个软件
- installed #要求是安装
service: #服务管理
- name: httpd #指定服务
- running #服务运行状态
- reload: True#是否重启
- watch: #如果下面文件发生变化,就重启
- file: /tmp/test_echoping.conf #监控的文件地址
/tmp/test_echoping.conf: #宣告
file.managed: #文件管理
- source: salt://echoping/test_echoping.conf #源数据在哪里
- user: root #用户
- group: root #组
- mode: 644 #权限
- backup: minion #备份一份
运行的话,可以使用salt 'localhost' state.highstate
注意,如果需要把服务设置为开机启动可以使用- enable:True
由于我设置的是有变化就重启http,所以先查看http的状态
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# ps -ef|grep httpd
root 1430 10 17:03 ? 00:00:00 /usr/sbin/httpd
apache 143614300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 146914300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 147014300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 147114300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 147214300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 147314300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 147414300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 147514300 17:03 ? 00:00:00 /usr/sbin/httpd
apache 147614300 17:03 ? 00:00:00 /usr/sbin/httpd
root 188617820 17:04 pts/0 00:00:00 grep httpd
# date
Fri Aug9 17:04:54 CST 2013
在17:04启动,然后在运行salt 'localhost' state.highstate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# salt 'localhost' state.highstate
Info: Running a benchmark to measure system clock frequency...
Info: Finished RDTSC test. To prevent the startup delay from this benchmark, set the environment variable RDTSC_FREQUENCY to 2495 on this system. This value is dependent upon the CPU clock speed and architecture and should be determined separately for each server.
localhost:
----------
State: - file
Name: /tmp/test_echoping.conf
Function:managed
Result: True
Comment: File /tmp/test_echoping.conf updated
Changes: diff: New file
----------
State: - pkg
Name: echoping
Function:installed
Result: True
Comment: The following packages were installed/updated: echoping.
Changes: echoping: { new : 5.2.0-1.2.el6.rf
old :
}
----------
State: - service
Name: httpd
Function:running
Result: True
Comment: Service restarted
Changes: httpd: True
可以看到已经安装了echoping,并且更新了/tmp/test_echoping.conf
在查看一下httpd情况
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# ps -ef|grep httpd
root 2025 10 17:06 ? 00:00:00 /usr/sbin/httpd
apache 202820250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203120250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203220250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203320250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203420250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203520250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203620250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203720250 17:06 ? 00:00:00 /usr/sbin/httpd
apache 203820250 17:06 ? 00:00:00 /usr/sbin/httpd
root 204317823 17:06 pts/0 00:00:00 grep httpd
# date
Fri Aug9 17:06:57 CST 2013
可以看到已经重启了。
在查看一下文件传输情况
源文件
1
2
3
# cat /var/salt/echoping/test_echoping.conf
this is test echoping
this twice test
生成的文件
1
2
3
# cat /tmp/test_echoping.conf
this is test echoping
this twice test
查看echoping是否安装
1
2
# rpm -qa|grep echoping
echoping-5.2.0-1.2.el6.rf.x86_64
已经安装了
在看看下面的用户与权限
1
2
# ll /tmp/test_echoping.conf
-rw-r--r-- 1 root root 38 Aug9 17:05 /tmp/test_echoping.conf
也是我们定义的
如果在给/var/salt/echoping/test_echoping.conf修改了,在运行
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# salt 'localhost' state.highstate
localhost:
----------
State: - file
Name: /tmp/test_echoping.conf
Function:managed
Result: True
Comment: File /tmp/test_echoping.conf updated
Changes: diff: ---
+++
@@ -1,2 +1,3 @@
this is test echoping
this twice test
+this is 3
----------
State: - service
Name: httpd
Function:running
Result: True
Comment: Service restarted
Changes: httpd: True
然后服务也重启了
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# ps -ef|grep httpd
root 2352 10 17:21 ? 00:00:00 /usr/sbin/httpd
apache 235423520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 235523520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 235623520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 235723520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 235823520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 235923520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 236023520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 236123520 17:21 ? 00:00:00 /usr/sbin/httpd
apache 236223520 17:21 ? 00:00:00 /usr/sbin/httpd
root 237221830 17:22 pts/1 00:00:00 grep httpd
# date
Fri Aug9 17:23:01 CST 2013
如果想让salt能想puppet那样定时自动的获取配置,可以在/etc/salt/minion里配置
1
2
3
4
schedule:
highstate:
function: state.highstate
minutes: 60
然后重启salt-minion
请注意,在服务端可以使用salt 'localhost' state.highstate,在客户端的话,使用salt-callstate.highstate
如果使用grains来区分不同的系统安装不同的东东,可以使用下面(比如安装apache,在centos里安装httpd,在ubuntu里安装apache2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# cat apache.sls
apache:
pkg:
{% if grains['os'] == 'CentOS'%}
- name: httpd
{% elif grains['os'] == 'Ubuntu'%}
- name: apache2
{% endif %}
- installed
service:
{% if grains['os'] == 'CentOS'%}
- name: httpd
{% elif grains['os'] == 'Ubuntu'%}
- name: apache2
{% endif %}
- running
- reload: True
- watch:
- pkg: apache
- file: /tmp/test.conf
/tmp/test.conf:
file.managed:
- source: salt://apache/test.conf
- user: root
- group: root
- mode: 644
# cat test.conf
this is test apache
this is 2
然后运行更新
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# salt 'server.hadoop.com' state.highstate
server.hadoop.com:
----------
State: - file
Name: /tmp/test.conf
Function:managed
Result: True
Comment: File /tmp/test.conf updated
Changes: diff: New file
----------
State: - pkg
Name: apache2
Function:installed
Result: True
Comment: Package apache2 is already installed
Changes:
----------
State: - service
Name: apache2
Function:running
Result: True
Comment: Service restarted
Changes: apache2: True
注意,如果你想使用命令的话,可以使用cmd.wait
1
2
3
4
5
6
echo-msg:
cmd.wait:
- name: echo 'this is test' >/tmp/echo-msg
- user: root
- watch:
- pkg: apache
自定义模块
查看你master上的file_root路径,比如我的为
1
2
3
file_roots:
base:
- /var/salt/
所以在/var/salt里创建个_modules
1
mkdir /var/salt/_modules
然后进入目录编写模块
1
2
3
4
5
6
7
8
9
cd /var/salt/_modules
# cat dl.py
def msg():
msg='this is test message'
return msg
def time():
import time
a=time.asctime()
return a
必须以.py结尾
然后同步到minion里(使用saltutil.sync_all)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# salt '*' saltutil.sync_all
server.hadoop.com:
|_
- modules.dl
|_
|_
|_
|_
|_
localhost:
|_
- modules.dl
|_
|_
|_
|_
|_
下面测试
1
2
3
4
5
6
7
8
9
10
# salt '*' dl.msg
localhost:
this is test message
server.hadoop.com:
this is test message
# salt '*' dl.time
server.hadoop.com:
Tue Aug 13 15:25:32 2013
localhost:
Tue Aug 13 15:25:29 2013
当然还可以直接调用salt的模块
调用先有的module来显现自定义module中需要的功能saltsalt内置的一个字典,包含了所有的salt的moudle
1
2
def cmd(cmd):
return __salt__['cmd.run'](cmd)
同步
之后测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#salt '*' saltutil.sync_all
server.hadoop.com:
|_
|_
|_
|_
|_
|_
localhost:
|_
- modules.dl
|_
|_
|_
|_
|_
# salt 'localhost' dl.cmd ls
localhost:
1.log
1.py
111.py
1111.log
2.log
3.log
anaconda-ks.cfg
install.log
install.log.syslog
install_openstack.sh
install_zabbix_agent.sh
svn_install.sh
test
test5
test7.py
zatree
# salt 'localhost' dl.cmd hostname
localhost:
centos
下面是一些关于client的描述
1
2
Python client API
Salt is written to be completely API centric, Salt minions and master can be built directly into third party applications as a communication layer. The Salt client API is very straightforward.
运行单个命令
1
2
3
4
5
6
7
8
9
10
>>> import salt.client
>>> a=salt.client.LocalClient()
>>> a
<salt.client.LocalClient object at 0x1ad8f10>
>>> a.cmd("localhost","test.ping")
{'localhost': True}
>>> a.cmd("*","test.ping")
{'server.hadoop.com': True, 'localhost': True}
>>> a.cmd("*","dl.time")
{'server.hadoop.com': 'Wed Aug 14 09:53:22 2013', 'localhost': 'Wed Aug 14 09:53:22 2013'}
运行多个命令
1
2
>>> a.cmd('*',['cmd.run','test.ping','dl.time'],[['hostname'],[],[]])
{'server.hadoop.com': {'test.ping': True, 'dl.time': 'Wed Aug 14 10:01:35 2013', 'cmd.run': 'server.hadoop.com'}, 'localhost': {'test.ping': True, 'dl.time': 'Wed Aug 14 10:01:35 2013', 'cmd.run': 'centos'}}
具体参考http://docs.saltstack.com/ref/python-api.html
页:
[1]