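Building a SaltStack automation management platform

Hostname                Role                                  IP
master.linuxfan.cn      management/control server (master)    10.0.0.30
minion1.linuxfan.cn     managed node 1                        10.0.0.40
minion2.linuxfan.cn     managed node 2                        10.0.0.50

1: Set each host's hostname and configure hosts resolution:
(1) Configure the hostname and hosts on the master: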
# hostnamectl set-hostname master.linuxfan.cn
# bash
# hostname
master.linuxfan.cn
# cat <<end >>/etc/hosts
> 10.0.0.30 master.linuxfan.cn
> 10.0.0.40 minion1.linuxfan.cn
> 10.0.0.50 minion2.linuxfan.cn
> end
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.30 master.linuxfan.cn
10.0.0.40 minion1.linuxfan.cn
10.0.0.50 minion2.linuxfan.cn
Test that the names resolve:
# ping minion1.linuxfan.cn
PING minion1.linuxfan.cn (10.0.0.40) 56(84) bytes of data.
64 bytes from minion1.linuxfan.cn (10.0.0.40): icmp_seq=1 ttl=64 time=1.09 ms
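The hosts entries can be synced to the other two node servers:
Use the rsync tool in a for loop to copy the hosts file to both node servers. DNS resolution can be used instead of hosts resolution.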
# for i in 40 50;do rsync -av /etc/hosts root@10.0.0.$i:/etc/;done
The authenticity of host '10.0.0.40 (10.0.0.40)' can't be established.
ECDSA key fingerprint is f4:cd:b5:72:f7:ed:58:8d:ad:34:53:d4:b6:bc:71:e2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.40' (ECDSA) to the list of known hosts.
root@10.0.0.40's password:
sending incremental file list
hosts
sent 323 bytes  received 37 bytes  102.86 bytes/sec
total size is 250  speedup is 0.69
The authenticity of host '10.0.0.50 (10.0.0.50)' can't be established.
ECDSA key fingerprint is f4:cd:b5:72:f7:ed:58:8d:ad:34:53:d4:b6:bc:71:e2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.50' (ECDSA) to the list of known hosts.
root@10.0.0.50's password:
sending incremental file list
hosts
sent 323 bytes  received 37 bytes  144.00 bytes/sec
total size is 250  speedup is 0.69
(2) Configure the hostname and hosts on minion nodes 1 and 2:
# hostnamectl set-hostname minion1.linuxfan.cn
# bash
# hostname
minion1.linuxfan.cn
## The hosts file was synced over just now; check it to verify.
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.30 master.linuxfan.cn
10.0.0.40 minion1.linuxfan.cn
10.0.0.50 minion2.linuxfan.cn
#
## Resolution works without any problems
# ping master.linuxfan.cn -c 4
PING master.linuxfan.cn (10.0.0.30) 56(84) bytes of data.
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=1 ttl=64 time=0.284 ms
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=2 ttl=64 time=0.570 ms
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=3 ttl=64 time=0.532 ms
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=4 ttl=64 time=0.274 ms
Node 2:
#
# hostnamectl set-hostname minion2.linuxfan.cn
# bash
# hostname
minion2.linuxfan.cn
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.30 master.linuxfan.cn
10.0.0.40 minion1.linuxfan.cn
10.0.0.50 minion2.linuxfan.cn
#
# ping -c 4 master.linuxfan.cn
PING master.linuxfan.cn (10.0.0.30) 56(84) bytes of data.
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=1 ttl=64 time=0.376 ms
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=2 ttl=64 time=0.429 ms
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=3 ttl=64 time=0.542 ms
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=4 ttl=64 time=0.387 ms
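2: Install the software:
(1) Install the salt-master package on the master (control side):
Install the epel-release yum repository, which provides salt-master:
# yum -y install epel-release
Install the master management/control package:
# yum -y install salt-master
Start the service and enable it at boot:
I like to use a for loop for this; the command below enables the service at boot, restarts it, and shows its status.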
# for i in enable restart status;do systemctl $i salt-master;done
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
● salt-master.service - The Salt Master Server
Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2017-08-16 15:24:57 CST; 18ms ago
Main PID: 16188 (salt-master)
CGroup: /system.slice/salt-master.service
├─16188 /usr/bin/python /usr/bin/salt-master
└─16198 /usr/bin/python /usr/bin/salt-master
8月 16 15:24:56 master.linuxfan.cn systemd: Starting The Salt Master Server...
8月 16 15:24:57 master.linuxfan.cn systemd: Started The Salt Master Server.
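It listens on two ports, 4505 and 4506: 4505 is SaltStack's message publishing system, and 4506 is the port used for communication between SaltStack clients and the server.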
# netstat -utpln |grep 45
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 16199/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 16219/python
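(2) Install the salt-minion service on the minion nodes (do this on every node):
Install the yum repository:
# yum -y install epel-release
Install the minion service:
# yum -y install salt-minion
Edit the configuration file: ## point it at the hostname of the master management node
# vi /etc/salt/minion
master: master.linuxfan.cn
Start the service: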
# for i in enable restart status;do systemctl $i salt-minion;done
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2017-08-16 15:42:19 CST; 45ms ago
Main PID: 16209 (salt-minion)
CGroup: /system.slice/salt-minion.service
└─16209 /usr/bin/python /usr/bin/salt-minion
8月 16 15:42:19 minion1.linuxfan.cn systemd: Started The Salt Minion.
8月 16 15:42:19 minion1.linuxfan.cn systemd: Starting The Salt Minion...
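Perform these steps on all nodes.
3: Authorization
After a minion has been configured and started for the first time, it generates a public/private key pair. The minion keeps the private key and sends the public key to the master, then waits for the master to approve it. Once the master has accepted the key, it can control the minion at will.
Accept the public keys uploaded by the minions on the master:
(1): List the minion hosts waiting to be authorized:
Both salt-key list and salt-key -L show them: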
# salt-key list
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion1.linuxfan.cn
minion2.linuxfan.cn
Rejected Keys:
# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion1.linuxfan.cn
minion2.linuxfan.cn
Rejected Keys:
You can see that two hosts are in the unaccepted state.
Authorize them with salt-key -A:
# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
minion1.linuxfan.cn
minion2.linuxfan.cn
Proceed? y
Key for minion minion1.linuxfan.cn accepted.
Key for minion minion2.linuxfan.cn accepted.
Check again: both nodes have now been accepted.
# salt-key -L
Accepted Keys:
minion1.linuxfan.cn
minion2.linuxfan.cn
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Verify the state of the node hosts:
# salt "*" test.ping
minion1.linuxfan.cn:
True
minion2.linuxfan.cn:
True
Everything is OK!
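An added example, not part of the original post: instead of accepting every pending key with salt-key -A, compare each pending fingerprint reported by salt-key -F with the value read on the minion itself via salt-call --local key.finger, and accept only the matches with salt-key -a. The sample output, the shortened fingerprints and the host unexpected-host.example are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): accept only pending minion keys
# whose fingerprint matches one recorded out of band on the minion itself.

# Constructed sample of `salt-key -F` output on the master; fingerprints are
# shortened, made-up values and unexpected-host.example is hypothetical.
SALT_KEY_F_SAMPLE='Local Keys:
master.pem:  0f:1e:2d:3c
master.pub:  4b:5a:69:78
Unaccepted Keys:
minion1.linuxfan.cn:  a1:b2:c3:d4
minion2.linuxfan.cn:  de:ad:be:ef
unexpected-host.example:  11:22:33:44'

# Constructed "id fingerprint" list, as collected on each minion's console
# with `salt-call --local key.finger`.
EXPECTED_SAMPLE='minion1.linuxfan.cn a1:b2:c3:d4
minion2.linuxfan.cn e5:f6:07:18'

# $1 = `salt-key -F` output, $2 = expected list.
# Prints one "verdict id" line per key in the "Unaccepted Keys:" section.
classify_pending_keys() {
  printf '%s\n' "$1" | EXPECTED="$2" awk '
    BEGIN {
      n = split(ENVIRON["EXPECTED"], rows, "\n")
      for (i = 1; i <= n; i++)
        if (split(rows[i], f, " ") == 2) want[f[1]] = f[2]
    }
    /^[A-Za-z]+ Keys:$/ { section = $1; next }   # section header
    section == "Unaccepted" && NF == 2 {
      id = $1; sub(/:$/, "", id)
      if (!(id in want))       print "unknown " id
      else if (want[id] == $2) print "accept " id
      else                     print "mismatch " id
    }'
}

# Emit a per-key accept command for verified keys only; nothing is executed.
accept_commands() {
  classify_pending_keys "$1" "$2" | awk '$1 == "accept" { print "salt-key -a " $2 }'
}

classify_pending_keys "$SALT_KEY_F_SAMPLE" "$EXPECTED_SAMPLE"
accept_commands "$SALT_KEY_F_SAMPLE" "$EXPECTED_SAMPLE"
```

A "mismatch" verdict means a key was submitted under an expected minion ID but is not the key that minion generated, so it should be rejected and investigated rather than accepted.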
4: The salt command and basic usage
View the salt documentation:
# salt "*" sys.doc |less
## The salt command syntax and functions can all be looked up here
......
'cmd.exec_code:'
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. The stdout will be returned.
CLI Example:
salt '*' cmd.exec_code ruby 'puts "cheese"'
'cmd.exec_code_all:'
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. All cmd artifacts (stdout, stderr, retcode, pid)
will be returned.
CLI Example:
salt '*' cmd.exec_code_all ruby 'puts "cheese"'
'cmd.has_exec:'
Returns true if the executable is available on the minion, false otherwise
CLI Example:
salt '*' cmd.has_exec cat
'cmd.retcode:'
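......
Basic usage: salt "*" <module>. The * targets all nodes; replace it with the hostname of one or several hosts to query only those hosts. The module determines which information is retrieved from the nodes and which operations are performed.
Example: view the routing information of all nodes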
# salt "*" network.default_route
minion1.linuxfan.cn:
|_
----------
addr_family:
inet
destination:
0.0.0.0
flags:
UG
gateway:
10.0.0.2
interface:
eth0
netmask:
0.0.0.0
minion2.linuxfan.cn:
|_
----------
addr_family:
inet
destination:
0.0.0.0
flags:
UG
gateway:
10.0.0.2
interface:
eth0
netmask:
0.0.0.0
Example: view the IP information of a single node, minion1.linuxfan.cn:
# salt "minion1.linuxfan.cn" network.ip_addrs
minion1.linuxfan.cn:
- 10.0.0.40
salt '*' network.default_route ## view routing information
salt '*' network.ip_addrs ## view IP information
salt '*' partition.list /dev/sda ## view disk usage
salt '*' pkg.list_repos ## view the yum repository files
salt '*' pkg.modified
salt '*' service.get_all ## view all installed services
salt '*' service.get_enabled ## get the enabled services
salt '*' status.meminfo ## get memory status
salt '*' status.master
salt '*' status.netstats ## get process information
salt '*' status.procs
salt '*' status.uptime
salt -E supports regular expressions
Example:
# salt -E 'minion.linuxfan.cn' selinux.getenforce
minion2.linuxfan.cn:
Module 'selinux' is not available.
minion1.linuxfan.cn:
Module 'selinux' is not available.
ERROR: Minions returned with non-zero exit code
Match on the operating system and show the kernel version:
Example:
salt -G 'os:centos' grains.item kernelrelease
# salt -G 'os:centos' grains.item kernelrelease
minion1.linuxfan.cn:
----------
kernelrelease:
3.10.0-514.el7.x86_64
minion2.linuxfan.cn:
----------
kernelrelease:
3.10.0-514.el7.x86_64
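Common modules:
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cron.html ## official documentation
cp module (copies files and directories to remote hosts, downloads files from URLs, and so on)
- Edit the configuration file to specify the file root directory
- Create the file root directory
- Copy the files to be sent to the remote hosts into the root directory, or create them there
- Restart the service
- Run the cp command
- Verify
# vi /etc/salt/master
file_roots:
  base:
    - /srv/salt/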
# mkdir /srv/salt
# ls /srv/salt
# cp /etc/resolv.conf /srv/salt/resolv.conf
# ls /srv/salt
resolv.conf
# echo "nameserver 114.114.114.114" >>/srv/salt/resolv.conf
# cat /srv/salt/resolv.conf
# Generated by NetworkManager
search linuxfan.cn
nameserver 202.106.0.20
nameserver 114.114.114.114
# systemctl restart salt-master
Example: copy a file to the remote nodes
# salt '*' cp.get_file salt://resolv.conf /etc/resolv.conf
minion1.linuxfan.cn:
/etc/resolv.conf
minion2.linuxfan.cn:
/etc/resolv.conf
# salt '*' cp.get_file salt://resolv.conf /etc/resolv.conf
minion1.linuxfan.cn:
/etc/resolv.conf
minion2.linuxfan.cn:
/etc/resolv.conf
# cat /etc/resolv.conf
# Generated by NetworkManager
search linuxfan.cn
nameserver 202.106.0.20
nameserver 114.114.114.114
Example 2: copy a directory to the remote nodes:
mount -o bind is a bind mount: it mounts files from one location onto another, similar to a symbolic link.
# mkdir /srv/salt/yum
# mount -o bind /etc/yum.repos.d/ /srv/salt/yum/
# ls /srv/salt/yum/
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo  epel-testing.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  epel.repo
# salt "*" cp.get_dir salt://yum/ /tmp/
minion1.linuxfan.cn:
- /tmp//yum/CentOS-Base.repo
- /tmp//yum/CentOS-CR.repo
- /tmp//yum/CentOS-Debuginfo.repo
- /tmp//yum/CentOS-Media.repo
- /tmp//yum/CentOS-Sources.repo
- /tmp//yum/CentOS-Vault.repo
- /tmp//yum/CentOS-fasttrack.repo
- /tmp//yum/epel-testing.repo
- /tmp//yum/epel.repo
minion2.linuxfan.cn:
- /tmp//yum/CentOS-Base.repo
- /tmp//yum/CentOS-CR.repo
- /tmp//yum/CentOS-Debuginfo.repo
- /tmp//yum/CentOS-Media.repo
- /tmp//yum/CentOS-Sources.repo
- /tmp//yum/CentOS-Vault.repo
- /tmp//yum/CentOS-fasttrack.repo
- /tmp//yum/epel-testing.repo
- /tmp//yum/epel.repo
Check on a node:
# ls /tmp/yum
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo  epel-testing.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  epel.repo
#
Example 3: download the contents of a URL to a specified location on a managed host:
For example, download an Apache source tarball to minion1.linuxfan.cn:
# salt "minion1.linuxfan.cn" cp.get_url http://mirrors.tuna.tsinghua.edu.cn/apache//httpd/httpd-2.2.34.tar.gz /root/httpd-2.2.34.tar.gz
minion1.linuxfan.cn:
/root/httpd-2.2.34.tar.gz
Check on minion1:
# ls /root
anaconda-ks.cfg  httpd-2.2.34.tar.gz
cmd module (remote command-line execution)
Example: view the IP address and install httpd
# salt "minion1.linuxfan.cn" cmd.run 'ifconfig'
minion1.linuxfan.cn:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 10.0.0.40  netmask 255.255.255.0  broadcast 10.0.0.255
ether 00:0c:29:32:d6:08  txqueuelen 1000  (Ethernet)
RX packets 34832  bytes 46321413 (44.1 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 15360  bytes 2755602 (2.6 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
loop  txqueuelen 1  (Local Loopback)
RX packets 64  bytes 5568 (5.4 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 64  bytes 5568 (5.4 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# salt "minion1.linuxfan.cn" cmd.run 'yum -y install httpd'
minion1.linuxfan.cn:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* epel: mirrors.ustc.edu.cn
......
Verify:
# rpm -qa httpd
httpd-2.4.6-45.el7.centos.4.x86_64
cmd.run is equivalent to running the command directly on the host.
cron module (manages scheduled tasks on the managed hosts):
# salt "*" cron.set_job root '*0' '*' '*' '*' '6' '/usr/bin/yum -y update'
minion2.linuxfan.cn:
new
minion1.linuxfan.cn:
new
# salt "*" cron.raw_cron root
minion2.linuxfan.cn:
# Lines below here are managed by Salt, do not edit
*0 * * * 6 /usr/bin/yum -y update
minion1.linuxfan.cn:
# Lines below here are managed by Salt, do not edit
*0 * * * 6 /usr/bin/yum -y update
# salt '*' cron.rm_job root 'date'
minion1.linuxfan.cn:
absent
minion2.linuxfan.cn:
absent
# salt "*" cron.raw_cron root
minion2.linuxfan.cn:
# Lines below here are managed by Salt, do not edit
*0 * * * 6 /usr/bin/yum -y update
minion1.linuxfan.cn:
# Lines below here are managed by Salt, do not edit
*0 * * * 6 /usr/bin/yum -y update
# salt '*' cron.rm_job root '/usr/bin/yum -y update' dayweek=6
minion2.linuxfan.cn:
removed
minion1.linuxfan.cn:
removed
# salt "*" cron.raw_cron root
minion1.linuxfan.cn:
# Lines below here are managed by Salt, do not edit
minion2.linuxfan.cn:
# Lines below here are managed by Salt, do not edit
dnsutil module (general DNS operations on managed hosts)
## Add a hosts entry on all nodes:
# salt "*" dnsutil.hosts_append /etc/hosts 10.0.0.30 master
minion2.linuxfan.cn:
The following line was added to /etc/hosts:
10.0.0.30 master
minion1.linuxfan.cn:
The following line was added to /etc/hosts:
10.0.0.30 master
Test:
# tail -1 /etc/hosts
10.0.0.30 master
# ping master
PING master (10.0.0.30) 56(84) bytes of data.
64 bytes from master.linuxfan.cn (10.0.0.30): icmp_seq=1 ttl=64 time=0.913 ms
file module (common file operations on managed hosts, including reading and writing, permissions, searching, and checksums)
Get the file's MD5:
# salt "*" file.get_sum /etc/resolv.conf
minion2.linuxfan.cn:
57fa7cd7226c49a1315e387c5f89af59ee4567a308a531441b8d762ff9a4ca2f
minion1.linuxfan.cn:
57fa7cd7226c49a1315e387c5f89af59ee4567a308a531441b8d762ff9a4ca2f
View detailed file information:
# salt "*" file.stats /etc/resolv.conf
minion2.linuxfan.cn:
----------
atime:
1502872477.38
ctime:
1502872448.02
gid:
0
group:
root
inode:
67681665
mode:
0644
mtime:
1502872448.02
size:
100
target:
/etc/resolv.conf
type:
file
uid:
0
user:
root
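An added example, not part of the original post: the 64-hex-digit value returned by file.get_sum above has the length of a SHA-256 digest, so it can be compared with sha256sum of the copy the master serves to confirm that every minion holds what cp.get_file delivered. The salt output used here, minion3.linuxfan.cn and its error line are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare the digests minions
# report via file.get_sum with the file the master serves from /srv/salt.

# $1 = output of `salt "*" file.get_sum PATH`, $2 = reference file on the master.
# Prints "ok ID", "drift ID" (a different SHA-256) or "nosum ID" (no digest
# came back, e.g. an error message).
audit_sums() {
  _want=$(sha256sum "$2" | cut -d' ' -f1)
  printf '%s\n' "$1" | awk -v want="$_want" '
    /^[^ \t]/ { id = $0; sub(/:$/, "", id); next }   # unindented line: minion ID
    id != "" {
      val = $0; gsub(/^[ \t]+|[ \t]+$/, "", val)    # indented line: its return
      if (val == want)                                   print "ok " id
      else if (val ~ /^[0-9a-f]+$/ && length(val) == 64) print "drift " id
      else                                               print "nosum " id
      id = ""
    }'
}

# Constructed demo: a temporary reference file with the resolv.conf content shown
# on the page, and made-up salt output (minion3 and its error are hypothetical).
demo_audit() {
  _ref=$(mktemp)
  printf '# Generated by NetworkManager\nsearch linuxfan.cn\nnameserver 202.106.0.20\nnameserver 114.114.114.114\n' > "$_ref"
  _good=$(sha256sum "$_ref" | cut -d' ' -f1)
  _other=$(printf 'modified copy\n' | sha256sum | cut -d' ' -f1)
  audit_sums "minion1.linuxfan.cn:
    $_good
minion2.linuxfan.cn:
    $_other
minion3.linuxfan.cn:
    Minion did not return. [Not connected]" "$_ref"
  rm -f "$_ref"
}

demo_audit
```

On a real master the first argument would be the captured output of salt "*" file.get_sum /etc/resolv.conf and the second /srv/salt/resolv.conf.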
network module:
network.ip_addrs gets the IP addresses
network.interfaces gets the network interface information
# salt "*" network.ip_addrs
minion2.linuxfan.cn:
- 10.0.0.50
minion1.linuxfan.cn:
- 10.0.0.40
# salt "*" network.interfaces
minion2.linuxfan.cn:
----------
eth0:
----------
hwaddr:
00:0c:29:6b:92:22
inet:
|_
----------
address:
10.0.0.50
broadcast:
10.0.0.255
label:
eth0
netmask:
255.255.255.0
up:
True
......
pkg package management module (package management on managed hosts, e.g. yum, apt-get)
# salt '*' pkg.remove httpd
minion2.linuxfan.cn:
----------
minion1.linuxfan.cn:
----------
httpd:
----------
new:
old:
2.4.6-45.el7.centos.4
# salt '*' pkg.install httpd
minion1.linuxfan.cn:
----------
httpd:
----------
new:
2.4.6-45.el7.centos.4
old:
minion2.linuxfan.cn:
----------
httpd:
----------
new:
2.4.6-45.el7.centos.4
old:
httpd-tools:
----------
new:
2.4.6-45.el7.centos.4
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
# salt '*' pkg.file_list httpd
minion1.linuxfan.cn:
----------
errors:
files:
- /etc/httpd
- /etc/httpd/conf
- /etc/httpd/conf.d
- /etc/httpd/conf.d/README
- /etc/httpd/conf.d/autoindex.conf
- /etc/httpd/conf.d/userdir.conf
- /etc/httpd/conf.d/welcome.conf
- /etc/httpd/conf.modules.d
- /etc/httpd/conf.modules.d/00-base.conf
- /etc/httpd/conf.modules.d/00-dav.conf
- /etc/httpd/conf.modules.d/00-lua.conf
......
service module: service control, such as starting, stopping and restarting services
# salt '*' service.enable <service>
# salt '*' service.disable <service>
# salt '*' service.status <service>
# salt '*' service.stop <service>
# salt '*' service.start <service>
# salt '*' service.restart <service>
# salt '*' service.reload <service>
# salt "*" service.enable httpd
minion1.linuxfan.cn:
True
minion2.linuxfan.cn:
True
# salt "*" service.start httpd
minion2.linuxfan.cn:
True
minion1.linuxfan.cn:
True