
自动化运维之saltstack

1、软件环境:

[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 
[root@localhost ~]# uname -a
Linux localhost.localdomain 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]#


(1)修改selinux配置文件(这是实验环境的简化做法;生产环境建议保持 enforcing,按需调整策略而不是整体关闭):

[root@localhost ~]# vim /etc/sysconfig/selinux 
SELINUX=enforcing 改为 SELINUX=disabled

(2)关闭防火墙(仅适合实验环境;生产环境应保留防火墙,只对minion放行master的4505/4506 TCP端口):

[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -L

IP分配如下:

master 192.168.112.140

minion 192.168.112.141

minion 192.168.112.142


(3)master和minion端部署安装

master端执行:

[root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install -y salt-master

minion端执行:

[root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install salt-minion


(4)修改配置文件:

[root@localhost ~]# vim /etc/salt/minion 
master: 192.168.112.140
id:  server02
[root@localhost ~]#
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]# ps -ef|grep salt-minion
root      2505     1  2 23:06 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      2508  2505  8 23:06 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      2536  2318  0 23:06 pts/0    00:00:00 grep --color=auto salt-minion
[root@localhost ~]# netstat -lnupt|grep 4505
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      2304/python         
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# vim /etc/salt/minion
master: 192.168.112.140
id:  server03
[root@localhost ~]#
[root@localhost ~]# systemctl start salt-minion
[root@localhost ~]# ps -ef|grep salt-minion
root      2487     1  1 23:05 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      2490  2487  4 23:06 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      2521  2320  0 23:06 pts/0    00:00:00 grep --color=auto salt-minion
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]#


(5)设置salt-master和salt-minion开机启动

[root@localhost ~]# systemctl enable salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
[root@localhost ~]#
[root@localhost ~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
[root@localhost ~]#


2、配置saltstack认证

salt-key        //查看已经签名的客户端

salt-key -a    //签名指定的主机

salt-key -A    //签名所有的主机(接受前建议先用 salt-key -F 核对各主机密钥指纹,避免接受冒充的minion)

salt-key -d    //删除指定主机的签名

salt-key --help   //查看各命令的用法

[root@localhost ~]# salt-key 
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server02
server03
Rejected Keys:
[root@localhost ~]# 
[root@localhost ~]# salt-key -a server02
The following keys are going to be accepted:
Unaccepted Keys:
server02
Proceed? [n/Y] Y
Key for minion server02 accepted.
[root@localhost ~]# 
[root@localhost ~]# salt-key 
Accepted Keys:
server02
server03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@localhost ~]#

3、日常用法

test.ping用于检查master到minion端的网络连通性,返回True即正常,False为异常

[root@localhost ~]# salt '*' test.ping
server02:
    True
server03:
    True
[root@localhost ~]#

cmd.run 在minion端执行shell命令,记住这个模块只适合执行能很快返回的命令,比如df命令;长时间运行、不会自行退出的命令无法返回结果,比如top命令

[root@localhost ~]# salt '*' cmd.run 'hostname'
server03:
    localhost.localdomain
server02:
    localhost.localdomain
[root@localhost ~]# salt '*' cmd.run 'df -Th'
server02:
    Filesystem     Type      Size  Used Avail Use% Mounted on
    /dev/sda3      xfs        90G  1.8G   89G   2% /
    devtmpfs       devtmpfs  231M     0  231M   0% /dev
    tmpfs          tmpfs     241M   12K  241M   1% /dev/shm
    tmpfs          tmpfs     241M  4.6M  236M   2% /run
    tmpfs          tmpfs     241M     0  241M   0% /sys/fs/cgroup
    /dev/sda1      xfs      1014M  131M  884M  13% /boot
    tmpfs          tmpfs      49M     0   49M   0% /run/user/0
server03:
    Filesystem     Type      Size  Used Avail Use% Mounted on
    /dev/sda3      xfs        90G  1.8G   89G   2% /
    devtmpfs       devtmpfs  231M     0  231M   0% /dev
    tmpfs          tmpfs     241M   12K  241M   1% /dev/shm
    tmpfs          tmpfs     241M  4.6M  236M   2% /run
    tmpfs          tmpfs     241M     0  241M   0% /sys/fs/cgroup
    /dev/sda1      xfs      1014M  131M  884M  13% /boot
    tmpfs          tmpfs      49M     0   49M   0% /run/user/0
[root@localhost ~]#

 显示被控主机的操作系统类型

[root@localhost ~]# salt '*' grains.item os
server02:
    ----------
    os:
        CentOS
server03:
    ----------
    os:
        CentOS
[root@localhost ~]#

远程代码执行测试(cmd.exec_code 会以minion进程的权限——这里是root——在所有匹配的被控主机上执行任意代码,因此master的登录和访问权限必须严格控制)

[root@localhost ~]# salt '*' cmd.exec_code python 'import sys;print sys.version'
server02:
    2.7.5 (default, Nov  6 2016, 00:28:07) 
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
server03:
    2.7.5 (default, Nov  6 2016, 00:28:07) 
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
[root@localhost ~]#

4、常用模块介绍

(1)、cp模块(实现远程文件、目录的复制,以及下载URL文件等操作)

 #将主服务器file_roots指定位置下的目录复制到被控主机

打开master文件中的

#file_roots:

  base:

    - /srv/salt


改为:

file_roots:

  base:

    - /srv/salt


# salt '*' cp.get_dir salt://test_dir /data

salt:// --->表示file_roots指定的路径,这里是/srv/salt,salt://test_dir 表示/srv/salt/test_dir

/data   --->表示目标主机上的根目录下的data目录

[root@localhost ~]# ll /srv/salt/test_dir/
total 672
-rw-r--r-- 1 root root 686011 May  7 22:37 nginx-1.0.10.tar.gz
[root@localhost ~]# salt '*' cp.get_dir salt://test_dir /data
server02:
    - /data/test_dir/nginx-1.0.10.tar.gz
server03:
    - /data/test_dir/nginx-1.0.10.tar.gz
[root@localhost ~]# salt '*' cmd.run 'ls -l  /data'
server03:
    total 0
    drwxr-xr-x 2 root root 33 Jun  1 02:12 test_dir
server02:
    total 0
    drwxr-xr-x 2 root root 33 Jun  1 02:12 test_dir
[root@localhost ~]#


#将主服务器file_roots指定位置下的文件复制到被控主机

# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz

[root@localhost salt]# salt '*' cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
server02:
    /root/nginx-1.0.10.tar.gz
server03:
    /root/nginx-1.0.10.tar.gz
[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'
server02:
    total 676
    -rw-------. 1 root root   1496 Jan 17 09:03 anaconda-ks.cfg
    -rw-r--r--  1 root root 686011 Jun  1 02:15 nginx-1.0.10.tar.gz
server03:
    total 676
    -rw-------. 1 root root   1496 Jan 17 09:03 anaconda-ks.cfg
    -rw-r--r--  1 root root 686011 Jun  1 02:15 nginx-1.0.10.tar.gz
[root@localhost salt]#


#下载指定URL内容到被控主机指定位置

salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm  /root/GeoIP-1.6.5.-1.e16.x86_64.rpm

cp.get_url 根据指定的url地址下载文件到被控端主机的对应目录下,这里是被控端的/root/目录(示例使用的是明文http,下载后应先校验文件的哈希或签名再安装使用)

[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'
server02:
    total 676
    -rw-------. 1 root root   1496 Jan 17 09:03 anaconda-ks.cfg
    -rw-r--r--  1 root root 686011 Jun  1 02:15 nginx-1.0.10.tar.gz
server03:
    total 676
    -rw-------. 1 root root   1496 Jan 17 09:03 anaconda-ks.cfg
    -rw-r--r--  1 root root 686011 Jun  1 02:15 nginx-1.0.10.tar.gz
[root@localhost salt]# salt '*' cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm  /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
server03:
    /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
server02:
    /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
[root@localhost salt]# salt '*' cmd.run 'ls -l /root/'
server02:
    total 792
    -rw-r--r--  1 root root 115316 Jun  1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
    -rw-------. 1 root root   1496 Jan 17 09:03 anaconda-ks.cfg
    -rw-r--r--  1 root root 686011 Jun  1 02:15 nginx-1.0.10.tar.gz
server03:
    total 792
    -rw-r--r--  1 root root 115316 Jun  1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm
    -rw-------. 1 root root   1496 Jan 17 09:03 anaconda-ks.cfg
    -rw-r--r--  1 root root 686011 Jun  1 02:15 nginx-1.0.10.tar.gz
[root@localhost salt]#

#salt '*' cp.hash_file salt://test-file

cp.hash_file获取主控端下发文件的hash值,一般用于和各被控端上该文件的hash值(例如 file.get_sum 的结果)对比,确认下发到每台被控端的内容完整一致

[root@localhost ~]# salt '*' cp.hash_file salt://nginx-1.0.10.tar.gz
server02:
    ----------
    hash_type:
        md5
    hsum:
        930b297b00fa1018fb0a1dd3e6b7e17e
server03:
    ----------
    hash_type:
        md5
    hsum:
        930b297b00fa1018fb0a1dd3e6b7e17e
[root@localhost ~]#

(2)、cmd模块(实现远程的命令行调用执行)

# salt '*' cmd.run 'netstat -ntlp'

[root@localhost salt]# salt '*' cmd.run 'netstat -lnupt'
server02:
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1184/sshd           
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2013/master         
    tcp6       0      0 :::22                   :::*                    LISTEN      1184/sshd           
    tcp6       0      0 ::1:25                  :::*                    LISTEN      2013/master         
    udp        0      0 0.0.0.0:32525           0.0.0.0:*                           737/dhclient        
    udp        0      0 127.0.0.1:323           0.0.0.0:*                           672/chronyd         
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           737/dhclient        
    udp6       0      0 ::1:323                 :::*                                672/chronyd         
    udp6       0      0 :::14472                :::*                                737/dhclient
server03:
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1191/sshd           
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1835/master         
    tcp6       0      0 :::22                   :::*                    LISTEN      1191/sshd           
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1835/master         
    udp        0      0 0.0.0.0:32525           0.0.0.0:*                           729/dhclient        
    udp        0      0 127.0.0.1:323           0.0.0.0:*                           661/chronyd         
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           729/dhclient        
    udp6       0      0 ::1:323                 :::*                                661/chronyd         
    udp6       0      0 :::14472                :::*                                729/dhclient
[root@localhost salt]#


(3)、cron模块(实现被控主机的crontab操作)

## 为指定的被控主机、root用户添加crontab信息

# salt '*' cron.set_job root '*/5' '*' '*' '*' '*' 'date >/dev/null 2>&1'

# salt '*' cron.raw_cron root

[root@localhost salt]# salt '*' cron.set_job root '*/60' '*' '*' '*' '*' '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'
server02:
    new
server03:
    new
[root@localhost salt]#
[root@localhost salt]# salt '*' cmd.run 'crontab -l'
server03:
    # Lines below here are managed by Salt, do not edit
    */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1
server02:
    # Lines below here are managed by Salt, do not edit
    */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1
[root@localhost salt]#

## 删除指定的被控主机、root用户的crontab信息

[root@localhost salt]# salt '*' cron.rm_job root '/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1'
server02:
    removed
server03:
    removed
[root@localhost salt]# salt '*' cmd.run 'crontab -l'
server03:
    # Lines below here are managed by Salt, do not edit
server02:
    # Lines below here are managed by Salt, do not edit
[root@localhost salt]#


(4)、dnsutil模块(实现被控主机通用DNS操作)

给被控制端添加指定的hosts配置项目,即host主机记录

#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01

#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02

#salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03

[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
server02:
    The following line was added to /etc/hosts:
    192.168.112.140 server01
server03:
    The following line was added to /etc/hosts:
    192.168.112.140 server01
[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
server03:
    The following line was added to /etc/hosts:
    192.168.112.141 server02
server02:
    The following line was added to /etc/hosts:
    192.168.112.141 server02
[root@localhost salt]# salt '*' dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
server03:
    The following line was added to /etc/hosts:
    192.168.112.142 server03
server02:
    The following line was added to /etc/hosts:
    192.168.112.142 server03
[root@localhost salt]# salt '*' cmd.run 'grep 192.168.112.* /etc/hosts'
server03:
    192.168.112.140 server01
    192.168.112.141 server02
    192.168.112.142 server03
server02:
    192.168.112.140 server01
    192.168.112.141 server02
    192.168.112.142 server03
[root@localhost salt]#


(5)、file模块(被控主机文件常见操作,包括文件读写、权限、查找、校验等)

# salt '*' file.get_sum /etc/hosts md5

# salt '*' file.stats /etc/hosts

[root@localhost salt]# salt '*' file.get_sum /etc/hosts md5
server03:
    7895e4dd8df907aa29d026a75f2a035a
server02:
    7895e4dd8df907aa29d026a75f2a035a
[root@localhost salt]# salt '*' file.stats /etc/hosts
server02:
    ----------
    atime:
        1496299480.63
    ctime:
        1496299455.14
    gid:
        0
    group:
        root
    inode:
        67128992
    mode:
        0644
    mtime:
        1496299455.14
    size:
        234
    target:
        /etc/hosts
    type:
        file
    uid:
        0
    user:
        root
server03:
    ----------
    atime:
        1496299480.62
    ctime:
        1496299455.14
    gid:
        0
    group:
        root
    inode:
        67109270
    mode:
        0644
    mtime:
        1496299455.14
    size:
        234
    target:
        /etc/hosts
    type:
        file
    uid:
        0
    user:
        root
[root@localhost salt]#


(6)、network模块(返回被控主机网络信息)

# salt '*' network.ip_addrs

# salt '*' network.interfaces

[root@localhost salt]# salt '*' network.ip_addrs
server03:
    - 192.168.112.142
server02:
    - 192.168.112.141
[root@localhost salt]# salt '*' network.interfaces
server02:
    ----------
    eth0:
        ----------
        hwaddr:
            00:0c:29:0b:28:95
        inet:
            |_
              ----------
              address:
                  192.168.112.141
              broadcast:
                  192.168.112.255
              label:
                  eth0
              netmask:
                  255.255.255.0
        inet6:
            |_
              ----------
              address:
                  fe80::bf36:72fd:ae66:3183
              prefixlen:
                  64
              scope:
                  link
        up:
            True
    lo:
        ----------
        hwaddr:
            00:00:00:00:00:00
        inet:
            |_
              ----------
              address:
                  127.0.0.1
              broadcast:
                  None
              label:
                  lo
              netmask:
                  255.0.0.0
        inet6:
            |_
              ----------
              address:
                  ::1
              prefixlen:
                  128
              scope:
                  host
        up:
            True
server03:
    ----------
    eth0:
        ----------
        hwaddr:
            00:0c:29:63:9d:12
        inet:
            |_
              ----------
              address:
                  192.168.112.142
              broadcast:
                  192.168.112.255
              label:
                  eth0
              netmask:
                  255.255.255.0
        inet6:
            |_
              ----------
              address:
                  fe80::7f27:a270:df5d:d68
              prefixlen:
                  64
              scope:
                  link
        up:
            True
    lo:
        ----------
        hwaddr:
            00:00:00:00:00:00
        inet:
            |_
              ----------
              address:
                  127.0.0.1
              broadcast:
                  None
              label:
                  lo
              netmask:
                  255.0.0.0
        inet6:
            |_
              ----------
              address:
                  ::1
              prefixlen:
                  128
              scope:
                  host
        up:
            True
[root@localhost salt]#


(7)、pkg包管理模块(被控主机程序包管理,如yum、apt-get等)

# salt '*' pkg.install httpd  --->安装Apache服务

# salt '*' pkg.file_list httpd---->查看Apache服务安装的路径及安装的文件

[root@localhost ~]# salt '*' pkg.install httpd
server03:
    ----------
    httpd:
        ----------
        new:
            2.4.6-45.el7.centos.4
        old:
    httpd-tools:
        ----------
        new:
            2.4.6-45.el7.centos.4
        old:
    mailcap:
        ----------
        new:
            2.1.41-2.el7
        old:
server02:
    ----------
    httpd:
        ----------
        new:
            2.4.6-45.el7.centos.4
        old:
    httpd-tools:
        ----------
        new:
            2.4.6-45.el7.centos.4
        old:
    mailcap:
        ----------
        new:
            2.1.41-2.el7
        old:
[root@localhost ~]#


(8)、service 服务模块(被控主机程序包服务管理)

# salt '*' service.enable httpd

# salt '*' service.disable httpd

# salt '*' service.status httpd

# salt '*' service.stop httpd

# salt '*' service.start httpd

# salt '*' service.restart httpd

# salt '*' service.reload httpd

[root@localhost ~]# salt '*' service.enable httpd
server02:
    True
server03:
    True
[root@localhost ~]# salt '*' service.disable httpd
server02:
    True
server03:
    True
[root@localhost ~]# salt '*' service.status httpd
server02:
    False
server03:
    False
[root@localhost ~]# salt '*' service.stop httpd
server02:
    True
server03:
    True
[root@localhost ~]# salt '*' service.start httpd
server03:
    True
server02:
    True
[root@localhost ~]# salt '*' service.reload httpd
server03:
    True
server02:
    True
[root@localhost ~]# salt '*' cmd.run 'netstat -lnupt|grep httpd'
server03:
    tcp6       0      0 :::80                   :::*                    LISTEN      17294/httpd
server02:
    tcp6       0      0 :::80                   :::*                    LISTEN      3231/httpd
[root@localhost ~]#


(9)、更多功能

更多的功能,比如:grains、pillar、states、modules、returner、runners、reactor等,还有如下高级命令的使用,以及模板配置的渲染、扩展模块的二次开发等,可以自己去深入学习,未完,待续........


本文出自 “平平淡淡才是真” 博客,请务必保留此出处http://ucode.blog.51cto.com/10837891/1931327
