安装和配置saltstack

师傅你而

安装salt-master
　　rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install -y salt-master

mkdir /srv/salt

vim /etc/salt/master

修改



interface: 10.101.20.60

启动salt-master

/etc/init.d/salt-master start

chkconfig salt-master --level 35 on



分组

vim /etc/salt/master

nodegroups:
group1: 'L@10.101.20.61,10.101.20.62,10.101.20.63'
　　

安装salt-minion
　　vim install_salt_minion.sh
　　#!/bin/bash   
if [ -f "/etc/salt/minion" ];then
echo "salt-minion had installed!"
exit
fi
# get network ip addr function      
function getIP()      
{   
NET=$1   
if [ "$NET" = "" ]; then   
NET="eth0"   
fi   
IP=""   
if [ $(ifconfig | grep "$NET" | wc -l) -gt 0 ]; then   
IP=$(ifconfig $NET | grep 'inet addr:' | awk -F: '{print $2}' | awk '{print $1}')   
fi   
echo $IP      
}   
SERVER_ADDR="10.3.2.115"   
LOCAL_ADDR=$(getIP eth0)
if [ "$LOCAL_ADDR" = "" ];then
LOCAL_ADDR=$(getIP bond0)
fi

VER=$(cat /etc/redhat-release | awk '{print $3}')
if [ "$VER" = "6.5" ];then
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm   
elif [ "$VER" = "5.7" ];then
rpm -ivh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm   
wget --no-check-certificate https://copr.fedoraproject.org/coprs/saltstack/salt-el5/repo/epel-5/saltstack-salt-el5-epel-5.repo -O /etc/yum.repos.d/saltstack-copr-el5.repo
else
exit 1
fi

yum install -y python salt-minion   
sed -i "/^#master: salt/a\master: $SERVER_ADDR" /etc/salt/minion   
sed -i "/^#id:/a\id: $LOCAL_ADDR" /etc/salt/minion   
/etc/init.d/salt-minion start  
chkconfig salt-minion --level 35 on  
echo "00 01 * * * /etc/init.d/salt-minion restart >/dev/null 2>&1" >> /var/spool/cron/root


　　



在salt-master服务器上执行操作

认证命令

salt-key -L         显示已经认证或未认证的被控端id

salt-key -D         删除所有认证主机id证书

salt-key -d 'id'    删除单个id证书

salt-key -A         接受所有id证书请求

salt-key -a 'id'    接受单个id证书请求



常用测试命令

salt '*' test.ping

salt '*' cmd.run 'uptime'

salt -L '10.101.20.61' cmd.run 'uptime'

salt -N 'group1' cmd.run 'uptime'
　　salt -L '10.101.20.61' cp.get_file salt://zabbix/zabbix-2.4.4.tar.gz /usr/local/src/zabbix-2.4.4.tar.gz
　　salt '10.101.20.61' grains.ls      列出grains所有items

salt '10.101.20.61' grains.items   打印grains所有items值

salt '10.101.20.61' grains.item id 查看grains单个item值







使用saltstack安装zabbix agent

vim /srv/salt/zabbix/install_zabbix_agent.sls

添加

/usr/local/src/zabbix-2.4.4.tar.gz:
  file.managed:
    - source: salt://zabbix/zabbix-2.4.4.tar.gz
    - user: root
    - group: root
    - mode: 644
/usr/local/src/install_zabbix_agent.sh:
  cmd.script:
    - source: salt://zabbix/install_zabbix_agent.sh
    - user: root
    - shell: /bin/bash


salt -L '192.168.1.101' state.sls zabbix.install_zabbix_agent -v
　　
　　


　　使用saltstack调用系统命令管理系统用户
　　添加用户并设置密码

salt -L '192.168.1.101' cmd.run '/usr/sbin/useradd -u 1001 -g 1001 -p 123456  zhao' -v



设置用户密码

salt -L '192.168.1.101' cmd.run '/bin/echo 123456 | /usr/bin/passwd --stdin zhao' -v



删除用户

salt -L '192.168.1.101' cmd.run '/usr/sbin/userdel -r zhao' -v





开启SSH KEY登陆

salt -L '192.168.1.101' cmd.run "/bin/sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config;/etc/init.d/sshd restart" -v

用户添加公钥

salt -L '192.168.1.101' cmd.run '/bin/mkdir /home/zhao/.ssh' -v

salt -L '192.168.1.101' cmd.run '/bin/echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuhy3wPKiJv7dYgR6doUYpU40hGDmfc7DWNYXVA6Ld/CQKUquKJSfrxAXXkLrFiaBg8REt+HZnm0ofCJeJBPr8CiKxOu692TFbBIx7/YekAk/QMpG9CS0emEAsFLBXaJPN2f0NIHrnyxQNF5Zxd+yi3EQe3UTZ67uDtJW/WDAeLdIldk8DlWpI8IhORGuvWmuae3c5j6KV82yySB4RBaHNOCKPcIMyQqNS09ycTbTVIv8TWD3iq1sIf3iLhSvNTNKWSDMnqcMQ5+d+CSwT3bpEgqWT5FKlHVJWdMhcSnfzJ7oyBIjMxBPxvY8k1kVawwJjw7FO5MutwsfPebbjq6tMw==
root@localhost.localdomain" >> /home/zhao/.ssh/authorized_keys' -v

salt -L '192.168.1.101' cmd.run '/bin/chown -R zhao /home/zhao/.ssh' -v

salt -L '192.168.1.101' cmd.run '/bin/chmod 600 /home/zhao/.ssh/authorized_keys' -v


　　


　　saltstack管理用户

vim useradd.sls
　　

user1:
user.present:
- fullname: user1
- password: '$1$jQCCbRPU$LsDTUmQ9CoDoM8IwiDFMy0'
- shell: /bin/bash
- home: /home/user1
- uid: 1001
- gid: 1001
- require:
- group: zucheops
user2:
user.present:
- fullname: user2
- password: '$1$jQCCbRPU$LsDTUmQ9CoDoM8IwiDFMy0'
- shell: /bin/bash
- home: /home/user2
- uid: 1002
- gid: 1001
- require:
- group: zucheops
zucheops:
group.present:
- gid: 1001



vim userdel.sls　　
　　

user2:
user.absent:
- purge: True
- force: True
　　
　　


　　PYTHON程序调用saltstack API
　　vim  test.py



#!/usr/bin/python
import salt.client
client = salt.client.LocalClient()
ret = client.cmd('*', 'test.ping')
ret = client.cmd('*', 'cmd.run', ['hostname'])
print ret
　　
　　


　　


　　


　　以下为state.sls递归复制目录


　　vim /srv/salt/global/deployment_api/init.sls
　　

/KTSGAPI/ktsg-api:
file.recurse:
- source: salt://global/deployment_api/ktsg-api
- user: root
- group: root
- dir_mode: 755
- file_mode: 755
- recurse:
- user
- group
salt -N 'KT-API-G1' state.sls global.deployment_api -v | tee /root/deployment_api.log
　　


　　
　　jiajia模板


　　vim test/nginx.sls
　　

/usr/local/src/nginx.conf:
file.managed:
- source: salt://test/nginx.conf
- user: root
- group: root
- mode: 644
- template: jinja

vim test/nginx.conf
　　
　　

{% if grains['id'] == '10.101.20.61' %}
id: 10.101.20.61
{% elif grains['id'] == '10.101.20.62' %}
id: 10.101.20.62
{% elif grains['id'] == '10.101.20.63' %}
id: 10.101.20.63
{% else %}
id:
{% endif %}
　　
　　

salt '*' state.sls test.nginx -v