首页 > 代码库 > 自动化运维之saltstack
自动化运维之saltstack
1、软件环境:
[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@localhost ~]# uname -a Linux localhost.localdomain 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@localhost ~]#
(1)修改selinux配置文件:
[root@localhost ~]# vim /etc/sysconfig/selinux SELINUX=enforcing 改为 SELINUX=disabled
(2)关闭防火墙:
[root@localhost ~]# systemctl disable firewalld [root@localhost ~]# systemctl stop firewalld [root@localhost ~]# iptables -F [root@localhost ~]# iptables -L
IP分配如下:
master 192.168.112.140
minion 192.168.112.141
minion 192.168.112.142
(3)master和minion端部署安装
master端执行:
[root@localhost ~]# yum install epel-release [root@localhost ~]# yum install -y salt-master
minion端执行:
[root@localhost ~]# yum install epel-release [root@localhost ~]# yum install salt-minion
(4)修改配置文件:
[root@localhost ~]# vim /etc/salt/minion master: 192.168.112.140 id: server02 [root@localhost ~]# [root@localhost ~]# systemctl start salt-minion [root@localhost ~]# ps -ef|grep salt-minion root 2505 1 2 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2508 2505 8 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2536 2318 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion [root@localhost ~]# netstat -lnupt|grep 4505 tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2304/python [root@localhost ~]# [root@localhost ~]# [root@localhost ~]# vim /etc/salt/minion master: 192.168.112.140 id: server03 [root@localhost ~]# [root@localhost ~]# systemctl start salt-minion [root@localhost ~]# ps -ef|grep salt-minion root 2487 1 1 23:05 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2490 2487 4 23:06 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion root 2521 2320 0 23:06 pts/0 00:00:00 grep --color=auto salt-minion [root@localhost ~]# [root@localhost ~]# [root@localhost ~]#
(5)设置salt-master和salt-minion开机启动
[root@localhost ~]# systemctl enable salt-master Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service. [root@localhost ~]# [root@localhost ~]# systemctl enable salt-minion Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service. [root@localhost ~]#
2、配置saltstack认证
salt-key //查看已经签名的客户端
salt-key -a //签名指定的主机
salt-key -A //签名所有的主机
salt-key -d //删除指定主机的签名
salt-key --help //查看各命令的用法
[root@localhost ~]# salt-key Accepted Keys: Denied Keys: Unaccepted Keys: server02 server03 Rejected Keys: [root@localhost ~]# [root@localhost ~]# salt-key -a server02 The following keys are going to be accepted: Unaccepted Keys: server02 Proceed? [n/Y] Y Key for minion server02 accepted. [root@localhost ~]# [root@localhost ~]# salt-key Accepted Keys: server02 server03 Denied Keys: Unaccepted Keys: Rejected Keys: [root@localhost ~]#
3、日常用法
test.ping用户检查master到minion端的网络连通性,返回True即正常,False为异常
[root@localhost ~]# salt ‘*‘ test.ping server02: True server03: True [root@localhost ~]#
cmd.run 在minion端执行shell命令,记住这模块只能执行短连接命令,比如df命令;长连接的无法返回结果,比如top命令
[root@localhost ~]# salt ‘*‘ cmd.run ‘hostname‘ server03: localhost.localdomain server02: localhost.localdomain [root@localhost ~]# salt ‘*‘ cmd.run ‘df -Th‘ server02: Filesystem Type Size Used Avail Use% Mounted on /dev/sda3 xfs 90G 1.8G 89G 2% / devtmpfs devtmpfs 231M 0 231M 0% /dev tmpfs tmpfs 241M 12K 241M 1% /dev/shm tmpfs tmpfs 241M 4.6M 236M 2% /run tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 131M 884M 13% /boot tmpfs tmpfs 49M 0 49M 0% /run/user/0 server03: Filesystem Type Size Used Avail Use% Mounted on /dev/sda3 xfs 90G 1.8G 89G 2% / devtmpfs devtmpfs 231M 0 231M 0% /dev tmpfs tmpfs 241M 12K 241M 1% /dev/shm tmpfs tmpfs 241M 4.6M 236M 2% /run tmpfs tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 131M 884M 13% /boot tmpfs tmpfs 49M 0 49M 0% /run/user/0 [root@localhost ~]#
显示被控主机的操作系统类型
[root@localhost ~]# salt ‘*‘ grains.item os server02: ---------- os: CentOS server03: ---------- os: CentOS [root@localhost ~]#
远程代码执行测试
[root@localhost ~]# salt ‘*‘ cmd.exec_code python ‘import sys;print sys.version‘ server02: 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] server03: 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] [root@localhost ~]#
4、常用模块介绍
(1)、cp模块(实现远程文件、目录的复制,以及下载URL文件等操作)
#将主服务器file_roots指定位置下的目录复制到被控主机
打开master文件中的
#file_roots:
base:
- /srv/salt
改为:
file_roots:
base:
- /srv/salt
# salt ‘*‘ cp.get_dir salt://test_dir /data
salt:// --->表示file_root指定的路径,这里是/srv/salt,salt://test_dir 表示/srv/salt/test_dir
/data --->表示目标主机上的根目录下的data目录
[root@localhost ~]# ll /srv/salt/test_dir/ total 672 -rw-r--r-- 1 root root 686011 May 7 22:37 nginx-1.0.10.tar.gz [root@localhost ~]# salt ‘*‘ cp.get_dir salt://test_dir /data server02: - /data/test_dir/nginx-1.0.10.tar.gz server03: - /data/test_dir/nginx-1.0.10.tar.gz [root@localhost ~]# salt ‘*‘ cmd.run ‘ls -l /data‘ server03: total 0 drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir server02: total 0 drwxr-xr-x 2 root root 33 Jun 1 02:12 test_dir [root@localhost ~]#
#将主服务器file_roots指定位置下的文件复制到被控主机
# salt ‘*‘ cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz
[root@localhost salt]# salt ‘*‘ cp.get_file salt://nginx-1.0.10.tar.gz /root/nginx-1.0.10.tar.gz server02: /root/nginx-1.0.10.tar.gz server03: /root/nginx-1.0.10.tar.gz [root@localhost salt]# salt ‘*‘ cmd.run ‘ls -l /root/‘ server02: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz server03: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz [root@localhost salt]#
#下载指定URL内容到被控主机指定位置
salt ‘*‘ cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm
cp.get_url 根据指定的url地址下载文件到被控端主机的对应目录下,这里被控端目录/root/下面
[root@localhost salt]# salt ‘*‘ cmd.run ‘ls -l /root/‘ server02: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz server03: total 676 -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz [root@localhost salt]# salt ‘*‘ cp.get_url http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.6.5-1.el6.x86_64.rpm /root/GeoIP-1.6.5.-1.e16.x86_64.rpm server03: /root/GeoIP-1.6.5.-1.e16.x86_64.rpm server02: /root/GeoIP-1.6.5.-1.e16.x86_64.rpm [root@localhost salt]# salt ‘*‘ cmd.run ‘ls -l /root/‘ server02: total 792 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz server03: total 792 -rw-r--r-- 1 root root 115316 Jun 1 02:26 GeoIP-1.6.5.-1.e16.x86_64.rpm -rw-------. 1 root root 1496 Jan 17 09:03 anaconda-ks.cfg -rw-r--r-- 1 root root 686011 Jun 1 02:15 nginx-1.0.10.tar.gz [root@localhost salt]#
#salt ‘*‘ cp.hash_file salt://test-file
cp.hash_file获取主控端下发到被控端后文件的hash值,一般用于对比每个被控端某个文件的hash值
[root@localhost ~]# salt ‘*‘ cp.hash_file salt://nginx-1.0.10.tar.gz server02: ---------- hash_type: md5 hsum: 930b297b00fa1018fb0a1dd3e6b7e17e server03: ---------- hash_type: md5 hsum: 930b297b00fa1018fb0a1dd3e6b7e17e [root@localhost ~]#
(2)、cmd模块(实现远程的命令行调用执行)
# salt ‘*‘ cmd.run ‘netstat -ntlp‘
[root@localhost salt]# salt ‘*‘ cmd.run ‘netstat -lnupt‘ server02: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1184/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2013/master tcp6 0 0 :::22 :::* LISTEN 1184/sshd tcp6 0 0 ::1:25 :::* LISTEN 2013/master udp 0 0 0.0.0.0:32525 0.0.0.0:* 737/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 672/chronyd udp 0 0 0.0.0.0:68 0.0.0.0:* 737/dhclient udp6 0 0 ::1:323 :::* 672/chronyd udp6 0 0 :::14472 :::* 737/dhclient server03: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1191/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1835/master tcp6 0 0 :::22 :::* LISTEN 1191/sshd tcp6 0 0 ::1:25 :::* LISTEN 1835/master udp 0 0 0.0.0.0:32525 0.0.0.0:* 729/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 661/chronyd udp 0 0 0.0.0.0:68 0.0.0.0:* 729/dhclient udp6 0 0 ::1:323 :::* 661/chronyd udp6 0 0 :::14472 :::* 729/dhclient [root@localhost salt]#
(3)、cron模块(实现被控主机的crontab操作)
## 为指定的被控主机、root用户添加crontab信息
# salt ‘*‘ cron.set_job root ‘*/5‘ ‘*‘ ‘*‘ ‘*‘ ‘*‘ ‘date >/dev/null 2>&1‘
# salt ‘*‘ cron.raw_cron root
[root@localhost salt]# salt ‘*‘ cron.set_job root ‘*/60‘ ‘*‘ ‘*‘ ‘*‘ ‘*‘ ‘/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1‘ server02: new server03: new [root@localhost salt]# [root@localhost salt]# salt ‘*‘ cmd.run ‘crontab -l‘ server03: # Lines below here are managed by Salt, do not edit */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1 server02: # Lines below here are managed by Salt, do not edit */60 * * * * /usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1 [root@localhost salt]#
## 删除指定的被控主机、root用户的crontab信息
[root@localhost salt]# salt ‘*‘ cron.rm_job root ‘/usr/local/nginx/sbin/nginx -s reload >/dev/null 2>&1‘ server02: removed server03: removed [root@localhost salt]# salt ‘*‘ cmd.run ‘crontab -l‘ server03: # Lines below here are managed by Salt, do not edit server02: # Lines below here are managed by Salt, do not edit [root@localhost salt]#
(4)、dnsutil模块(实现被控主机通用DNS操作)
给被控制端添加指定的hosts配置项目,即host主机记录
#salt ‘*‘ dnsutil.hosts_append /etc/hosts 192.168.112.140 server01
#salt ‘*‘ dnsutil.hosts_append /etc/hosts 192.168.112.141 server02
#salt ‘*‘ dnsutil.hosts_append /etc/hosts 192.168.112.142 server03
[root@localhost salt]# salt ‘*‘ dnsutil.hosts_append /etc/hosts 192.168.112.140 server01 server02: The following line was added to /etc/hosts: 192.168.112.140 server01 server03: The following line was added to /etc/hosts: 192.168.112.140 server01 [root@localhost salt]# salt ‘*‘ dnsutil.hosts_append /etc/hosts 192.168.112.141 server02 server03: The following line was added to /etc/hosts: 192.168.112.141 server02 server02: The following line was added to /etc/hosts: 192.168.112.141 server02 [root@localhost salt]# salt ‘*‘ dnsutil.hosts_append /etc/hosts 192.168.112.142 server03 server03: The following line was added to /etc/hosts: 192.168.112.142 server03 server02: The following line was added to /etc/hosts: 192.168.112.142 server03 [root@localhost salt]# salt ‘*‘ cmd.run ‘grep 192.168.112.* /etc/hosts‘ server03: 192.168.112.140 server01 192.168.112.141 server02 192.168.112.142 server03 server02: 192.168.112.140 server01 192.168.112.141 server02 192.168.112.142 server03 [root@localhost salt]#
(5)、file模块(被控主机文件常见操作,包括文件读写、权限、查找、校验等)
# salt ‘*‘ file.get_sum /etc/hosts md5
# salt ‘*‘ file.stats /etc/hosts
[root@localhost salt]# salt ‘*‘ file.get_sum /etc/hosts md5 server03: 7895e4dd8df907aa29d026a75f2a035a server02: 7895e4dd8df907aa29d026a75f2a035a [root@localhost salt]# salt ‘*‘ file.stats /etc/hosts server02: ---------- atime: 1496299480.63 ctime: 1496299455.14 gid: 0 group: root inode: 67128992 mode: 0644 mtime: 1496299455.14 size: 234 target: /etc/hosts type: file uid: 0 user: root server03: ---------- atime: 1496299480.62 ctime: 1496299455.14 gid: 0 group: root inode: 67109270 mode: 0644 mtime: 1496299455.14 size: 234 target: /etc/hosts type: file uid: 0 user: root [root@localhost salt]#
(6)、network模块(返回被控主机网络信息)
# salt ‘*‘ network.ip_addrs
# salt ‘*‘ network.interfaces
[root@localhost salt]# salt ‘*‘ network.ip_addrs server03: - 192.168.112.142 server02: - 192.168.112.141 [root@localhost salt]# salt ‘*‘ network.interfaces server02: ---------- eth0: ---------- hwaddr: 00:0c:29:0b:28:95 inet: |_ ---------- address: 192.168.112.141 broadcast: 192.168.112.255 label: eth0 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::bf36:72fd:ae66:3183 prefixlen: 64 scope: link up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 inet6: |_ ---------- address: ::1 prefixlen: 128 scope: host up: True server03: ---------- eth0: ---------- hwaddr: 00:0c:29:63:9d:12 inet: |_ ---------- address: 192.168.112.142 broadcast: 192.168.112.255 label: eth0 netmask: 255.255.255.0 inet6: |_ ---------- address: fe80::7f27:a270:df5d:d68 prefixlen: 64 scope: link up: True lo: ---------- hwaddr: 00:00:00:00:00:00 inet: |_ ---------- address: 127.0.0.1 broadcast: None label: lo netmask: 255.0.0.0 inet6: |_ ---------- address: ::1 prefixlen: 128 scope: host up: True [root@localhost salt]#
(7)、pkg包管理模块(被控主机程序包管理,如yum、apt-get等)
# salt ‘*‘ pkg.install httpd --->安装Apache服务
# salt ‘*‘ pkg.file_list httpd---->查看Apache服务安装的路径及安装的文件
[root@localhost ~]# salt ‘*‘ pkg.install httpd server03: ---------- httpd: ---------- new: 2.4.6-45.el7.centos.4 old: httpd-tools: ---------- new: 2.4.6-45.el7.centos.4 old: mailcap: ---------- new: 2.1.41-2.el7 old: server02: ---------- httpd: ---------- new: 2.4.6-45.el7.centos.4 old: httpd-tools: ---------- new: 2.4.6-45.el7.centos.4 old: mailcap: ---------- new: 2.1.41-2.el7 old: [root@localhost ~]#
(8)、service 服务模块(被控主机程序包服务管理)
# salt ‘*‘ service.enable httpd
# salt ‘*‘ service.disable httpd
# salt ‘*‘ service.status httpd
# salt ‘*‘ service.stop httpd
# salt ‘*‘ service.start httpd
# salt ‘*‘ service.restart httpd
# salt ‘*‘ service.reload httpd
[root@localhost ~]# salt ‘*‘ service.enable httpd server02: True server03: True [root@localhost ~]# salt ‘*‘ service.disable httpd server02: True server03: True [root@localhost ~]# salt ‘*‘ service.status httpd server02: False server03: False [root@localhost ~]# salt ‘*‘ service.stop httpd server02: True server03: True [root@localhost ~]# salt ‘*‘ service.start httpd server03: True server02: True [root@localhost ~]# salt ‘*‘ service.reload httpd server03: True server02: True [root@localhost ~]# salt ‘*‘ cmd.run ‘netstat -lnupt|grep httpd‘ server03: tcp6 0 0 :::80 :::* LISTEN 17294/httpd server02: tcp6 0 0 :::80 :::* LISTEN 3231/httpd [root@localhost ~]#
(9)、更多功能
更多的功能,比如:grains、pillar、states、modules、returner、runners、reactor等,还有如下高级命令的使用,以及模板配置的渲染、扩展模块的二次开发等,可以自己去深入学习,未完,待续........
本文出自 “平平淡淡才是真” 博客,请务必保留此出处http://ucode.blog.51cto.com/10837891/1931327
自动化运维之saltstack
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。