
SaltStack in Practice


#Installation

A few points to watch for during installation

python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

Resolved by running yum install python-libs

 

If the installed yum version is too old, the installation will run into problems

http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm

 

Error:

Problem:

file /usr/lib64/python2.6/zipfile.pyo from install of python-libs-2.6.6-64.el6.x86_64 conflicts with file from package python-2.6.6-36.el6.x86_64

Fix:

[root@client ~]# yum install python-lib* -y

[root@client ~]# yum install salt-minion -y

Problem:

Error: Package: yum-utils-1.1.30-30.el6.noarch (saltstack-repo)

           Requires: yum >= 3.2.29-56

           Installed: yum-3.2.29-40.el6.centos.noarch (@anaconda-CentOS-201303020151.x86_64/6.4)

               yum = 3.2.29-40.el6.centos

Fix:

[root@python ~]# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-3.2.29-69.el6.centos.noarch.rpm

[root@python ~]# rpm -Uvh yum-3.2.29-69.el6.centos.noarch.rpm

warning: yum-3.2.29-69.el6.centos.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY

Preparing...                ########################################### [100%]

1:yum                    ########################################### [100%]

 

Problem:

Error Downloading Packages:

  python-ordereddict-1.1-2.el6.noarch: failure: python-ordereddict-1.1-2.el6.noarch.rpm from epel: [Errno 256] No more mirrors to try.

  python-msgpack-0.4.6-1.el6.x86_64: failure: python-msgpack-0.4.6-1.el6.x86_64.rpm from epel: [Errno 256] No more mirrors to try.

Fix: this probably requires going through a proxy to get past the firewall, or switching to a mirror inside China

[root@python yum.repos.d]# yum install  python-ordereddict* -y

 

 

yum install  python-ordereddict* -y

[root@master ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:C7:F1:FD 

          inet addr:10.0.0.7  Bcast:10.0.0.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fec7:f1fd/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:10368 errors:0 dropped:0 overruns:0 frame:0

          TX packets:6210 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:9829001 (9.3 MiB)  TX bytes:478004 (466.8 KiB)

 

[root@master ~]# hostname

master

[root@master ~]# uname -a

Linux master 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@master ~]# yum install salt-master -y

 

 

Server

Client

#Start the services

[root@master ~]# service salt-master start

Starting salt-master daemon: [确定]

[root@master ~]# netstat -lanput

tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      2682/python2.6     

tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      2691/python2.6  

 

 

 [root@master salt]# lsof -i:4505

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2682 root   13u  IPv4  24479      0t0  TCP *:4505 (LISTEN)

[root@master salt]# lsof -i:4506

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

salt-mast 2691 root   21u  IPv4  24490      0t0  TCP *:4506 (LISTEN)

[root@master salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.10.7 drbd01 master.saltstack.com master

10.0.10.8 drbd02 minion.saltstack.com minion

[root@master salt]# salt-key

Accepted Keys:

Denied Keys:

Unaccepted Keys:

client

minion.saltstack.com

Rejected Keys:

 

 

 

[root@ client ~]# cd /etc/salt/

[root@ client salt]# pwd

/etc/salt

[root@ client salt]# ls

cloud           cloud.maps.d       master    minion.d  roster

cloud.conf.d    cloud.profiles.d   master.d  pki

cloud.deploy.d  cloud.providers.d  minion    proxy

 

[root@minion salt]# grep "^#\|^$" minion -v

master: 10.0.0.7

id: minion.saltstack.com

[root@minion salt]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.10.8 drbd02 minion.saltstack.com minion

10.0.10.7 drbd01 master.saltstack.com master

 

[root@client ~]# /etc/init.d/salt-minion restart

Starting salt-minion daemon: [确定]

 

#Complete authentication and admit the client

[root@master salt]# salt-key -a minion.saltstack.com

The following keys are going to be accepted:

Unaccepted Keys:

minion.saltstack.com

Proceed? [n/Y] Y

Key for minion minion.saltstack.com accepted.

[root@master salt]# salt-key

Accepted Keys:

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

client

Rejected Keys:

#Test with ping

#Wildcard target

[root@master ~]# salt '*' test.ping

minion.saltstack.com:

True

#Specific target

[root@master ~]# salt 'minion.saltstack.com' test.ping

minion.saltstack.com:

True

[root@master ~]# salt '*' cmd.run 'df -h'

minion.saltstack.com:

    Filesystem            Size  Used Avail Use% Mounted on

    /dev/sda3              12G  1.7G  9.5G  15% /

    tmpfs                 935M   12K  935M   1% /dev/shm

    /dev/sda1             194M   26M  159M  14% /boot

    /dev/sr1              1.4G  1.4G     0 100% /iso1

    /dev/sr0              4.1G  4.1G     0 100% /iso

[root@master ~]# salt '*' cmd.run 'uptime'

minion.saltstack.com:

     21:21:34 up  3:37,  4 users,  load average: 0.10, 0.03, 0.00

 

 

Adding one more machine:

 

[root@master ~]# mkdir -p /etc/salt/states/prod

[root@master ~]# grep "^#\|^$" /etc/salt/master -v

default_include: master.d/*.conf

interface: 0.0.0.0

file_roots:

  base:

    - /etc/salt/states

  prod:

    - /etc/salt/states/prod

[root@master ~]# /etc/init.d/salt-master restart

Stopping salt-master daemon: [确定]

Starting salt-master daemon: [确定]

[root@master ~]# tail -f /var/log/salt/master

 

[root@master states]# grep "^#\|^$" -v /etc/salt/master

default_include: master.d/*.conf

interface: 0.0.0.0

state_top: top.sls

file_roots:

  base:

    - /etc/salt/states

  prod:

    - /etc/salt/states/prod

[root@master states]# cat ./init/pkg.sls

pkg.init:

  pkg.installed:

    - names:

      - lrzsz

      - mtr

      - nmap

[root@master states]# cat ./prod/top.sls

base:

  'minion.saltstack.com':

    - init.pkg

[root@master states]# salt '*' state.sls init.pkg

minion.saltstack.com:

----------

          ID: pkg.init

    Function: pkg.installed

        Name: mtr

      Result: True

     Comment: The following packages were installed/updated: mtr

     Started: 22:28:11.931751

    Duration: 22421.578 ms

     Changes:  

              ----------

              mtr:

                  ----------

                  new:

                      2:0.75-5.el6

                  old:

----------

          ID: pkg.init

    Function: pkg.installed

        Name: nmap

      Result: True

     Comment: The following packages were installed/updated: nmap

     Started: 22:28:34.362114

    Duration: 22710.914 ms

     Changes:  

              ----------

              libpcap:

                  ----------

                  new:

                      14:1.0.0-6.20091201git117cb5.el6

                  old:

              nmap:

                  ----------

                  new:

                      2:5.51-2.el6

                  old:

----------

          ID: pkg.init

    Function: pkg.installed

        Name: lrzsz

      Result: True

     Comment: The following packages were installed/updated: lrzsz

     Started: 22:28:57.082576

    Duration: 8267.01 ms

     Changes:  

              ----------

              lrzsz:

                  ----------

                  new:

                      0.12.20-27.1.el6

                  old:

 

Summary for minion.saltstack.com

------------

Succeeded: 3 (changed=3)

Failed:    0

------------

Total states run:     3

 

 

[root@minion ~]# which rz

/usr/bin/rz

[root@master states]# tree ./

./

├── init

│   ├── files

│   │   └── limits.conf

│   ├── limit.sls

│   └── pkg.sls

├── prod

└── top.sls

 

3 directories, 4 files

[root@master states]# cat ./init/limit.sls

limit-conf-config:

  file.managed:

    - name: /etc/security/limits.conf

    - source: salt://init/files/limits.conf

    - user: root

    - group: root

    - mode: 644     

[root@master states]# cat ./init/pkg.sls

pkg.init:

  pkg.installed:

    - names:

      - lrzsz

      - mtr

      - nmap

[root@master states]# cat ./top.sls

base:

  'minion.saltstack.com':

    - init.pkg

    - init.limit

[root@master states]# salt '*' state.highstate

minion.saltstack.com:

----------

          ID: pkg.init

    Function: pkg.installed

        Name: mtr

      Result: True

     Comment: Package mtr is already installed

     Started: 23:05:41.185346

    Duration: 817.998 ms

     Changes:  

----------

          ID: pkg.init

    Function: pkg.installed

        Name: nmap

      Result: True

     Comment: Package nmap is already installed

     Started: 23:05:42.003701

    Duration: 0.914 ms

     Changes:  

----------

          ID: pkg.init

    Function: pkg.installed

        Name: lrzsz

      Result: True

     Comment: Package lrzsz is already installed

     Started: 23:05:42.004743

    Duration: 0.587 ms

     Changes:  

----------

          ID: limit-conf-config

    Function: file.managed

        Name: /etc/security/limits.conf

      Result: True

     Comment: File /etc/security/limits.conf updated

     Started: 23:05:42.009035

    Duration: 34.642 ms

     Changes:  

              ----------

              diff:

                  --- 

                  +++ 

                  @@ -39,8 +39,8 @@

                   #<domain>      <type>  <item>         <value>

                   #

                  

                  -#*               soft    core            0

                  -#*               hard    rss             10000

                  +*               soft    core            0

                  +*               hard    rss             10000

                   #@student        hard    nproc           20

                   #@faculty        soft    nproc           20

                   #@faculty        hard    nproc           50

 

Summary for minion.saltstack.com

------------

Succeeded: 4 (changed=1)

Failed:    0

------------

Total states run:     4

 

 

[root@minion ~]# cat /etc/security/limits.conf

*               soft    core            0

*               hard    rss             10000

#@student        hard    nproc           20

#@faculty        soft    nproc           20

#@faculty        hard    nproc           50

#ftp             hard    nproc           0

#@student        -       maxlogins       4

[root@master salt]# tree /etc/salt/pki/

/etc/salt/pki/

├── master

│   ├── master.pem

│   ├── master.pub

│   ├── minions

│   │   └── minion.saltstack.com

│   ├── minions_autosign

│   ├── minions_denied

│   ├── minions_pre

│   │   └── client

│   └── minions_rejected

└── minion

 

 

 

 

 

 

 

[root@master ~]# salt-key

Accepted Keys:

10.0.0.9

Regular expressions:

[root@master ~]# salt -E '((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))' test.ping

10.0.0.9:

True

 

[root@master ~]# cat  /etc/salt/states/top.sls

base:

  '((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))':

    - match: pcre

    - init.pkg

    - init.limit

[root@master ~]# salt '*' state.highstate

minion.saltstack.com:

          ID: states

    Function: no.None

      Result: False

     Comment: No Top file or external nodes data matches found.

     Started:

    Duration:

     Changes:  

 

Summary for minion.saltstack.com

Succeeded: 0

Failed:    1

Total states run:     1

10.0.0.9:

          ID: pkg.init

    Function: pkg.installed

        Name: mtr

      Result: True

     Comment: Package mtr is already installed

     Started: 08:59:28.505182

    Duration: 720.628 ms

     Changes:  

          ID: pkg.init

    Function: pkg.installed

        Name: nmap

      Result: True

     Comment: Package nmap is already installed

     Started: 08:59:29.226111

    Duration: 0.839 ms

     Changes:  

          ID: pkg.init

    Function: pkg.installed

        Name: lrzsz

      Result: True

     Comment: Package lrzsz is already installed

     Started: 08:59:29.227087

    Duration: 0.607 ms

     Changes:  

          ID: limit-conf-config

    Function: file.managed

        Name: /etc/security/limits.conf

      Result: True

     Comment: File /etc/security/limits.conf is in the correct state

     Started: 08:59:29.231194

    Duration: 27.495 ms

     Changes:  

 

Summary for 10.0.0.9

Succeeded: 4

Failed:    0

Total states run:     4

ERROR: Minions returned with non-zero exit code

 

-E regular expression

-L list

-S IP
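
The highstate run above reports "No Top file or external nodes data matches found" for minion.saltstack.com and four states for 10.0.0.9 because the top file's only key is the IPv4 expression. The sketch below is an added example, not part of the original post: it replays that selection and shows that the unanchored expression also selects IDs that merely begin with an address. It assumes Salt tests pcre targets with Python's re.match(); the helper names and the last two minion IDs are constructed.

```python
import re

# Pattern copied verbatim from the page's `salt -E` command and top.sls key.
PAGE_PATTERN = (r"((?:(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d)))\.){3}"
                r"(?:25[0-5]|2[0-4]\d|((1\d{2})|([1-9]?\d))))")

# The page's top file as data: target expression -> states.
PAGE_TOP = {PAGE_PATTERN: ["init.pkg", "init.limit"]}


def pcre_selects(pattern, minion_id):
    """Assumption: Salt uses re.match(), which anchors at the start only."""
    return re.match(pattern, minion_id) is not None


def states_for(top, minion_id):
    """States a minion receives from a top file whose keys are all pcre targets."""
    states = []
    for pattern, sls_list in top.items():
        if pcre_selects(pattern, minion_id):
            states.extend(sls_list)
    return states


def anchored(pattern):
    """Require the expression to consume the whole minion ID."""
    return "(?:" + pattern + ")$"


# The first two IDs are the page's minions; the last two are constructed.
MINION_IDS = ["minion.saltstack.com", "10.0.0.9",
              "10.0.0.900", "10.0.0.9.example.net"]

if __name__ == "__main__":
    strict_top = {anchored(p): s for p, s in PAGE_TOP.items()}
    for mid in MINION_IDS:
        # ID, states under the page's pattern, states under the anchored one
        print(mid, states_for(PAGE_TOP, mid), states_for(strict_top, mid))
```

In the top file the anchored form is the same expression with `$` added before the closing quote.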

 

Salt into MySQL

mysql.host: '10.0.0.7'

mysql.user: 'salt'

mysql.pass: 'salt'

mysql.db: 'salt'

mysql.port: 3306

master_job_cache: mysql  # the master itself inserts the job data

 

 

Appendix:

Iso.repo:

# CentOS-Media.repo

#

#  This repo can be used with mounted DVD media, verify the mount point for

#  CentOS-6.  You can use this repo and yum to install items directly off the

#  DVD ISO that we release.

#

# To use this repo, put in your DVD and use it with the other repos too:

#  yum --enablerepo=c6-media [command]

# or for ONLY the media repo, do this:

#

#  yum --disablerepo=\* --enablerepo=c6-media [command]

 

[c6-media]

name=CentOS-$releasever - Media

baseurl=file:///iso/

        file:///iso1/

gpgcheck=0

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

saltstack.repo

[saltstack-repo]

name=SaltStack repo for RHEL/CentOS $releasever

baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

enabled=1

gpgcheck=0

gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-EL5-GPG-KEY.pub
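
Both repo files in this appendix set gpgcheck=0 while still declaring a gpgkey, so yum installs from them without verifying package signatures. The check below is an added example, not part of the original post: it flags such stanzas and produces the corrected setting. The function names are made up for this illustration and the set of "off" spellings is an assumption.

```python
import configparser
import re

# The two stanzas from the appendix above, reproduced as sample input.
SAMPLE_REPOS = """\
[c6-media]
name=CentOS-$releasever - Media
baseurl=file:///iso/
        file:///iso1/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=0
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-EL5-GPG-KEY.pub
"""

OFF = {"0", "no", "false"}  # assumption: the spellings yum reads as "off"

def audit_repos(text):
    """Return {repo_id: [findings]} for enabled repos that skip signature checks."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for repo, opts in cp.items():
        if repo in ("DEFAULT", "main") or opts.get("enabled", "1").strip().lower() in OFF:
            continue  # not a repo stanza, or a repo yum never installs from
        findings = []
        gpgcheck = opts.get("gpgcheck")
        if gpgcheck is None:
            findings.append("gpgcheck not set, value is inherited from [main]")
        elif gpgcheck.strip().lower() in OFF:
            findings.append("gpgcheck is off, package signatures are not verified")
            if opts.get("gpgkey"):
                findings.append("gpgkey is configured but ignored while gpgcheck is off")
        if findings:
            report[repo] = findings
    return report

def with_gpgcheck_on(text):
    """Return the repo text with every explicit gpgcheck=0 switched to 1."""
    return re.sub(r"(?m)^gpgcheck[ \t]*=[ \t]*0[ \t]*$", "gpgcheck=1", text)

if __name__ == "__main__":
    print(audit_repos(SAMPLE_REPOS))
```

With gpgcheck=1 the declared gpgkey is what yum checks each package against, which also removes the NOKEY situation seen in the rpm -Uvh output once the key has been imported.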

 

 

 

Data systems:

Grains - static data

Custom grains

[root@drbd02 ~]# tail -n 3 /etc/salt/minion

grains:

  roles: nginx

  env: prod

[root@master ~]# salt -G 'env:prod' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'roles:nginx' test.ping

minion.saltstack.com:

True

 

[root@drbd02 ~]# cat /etc/salt/grains

cloud: openstack

[root@master ~]# salt -G 'cloud:openstack' test.ping

minion.saltstack.com:

True

[root@master ~]# salt -G 'test:salt' test.ping

No minions matched the target. No command was sent, no jid was assigned.

ERROR: No return received

#Refresh without restarting

[root@master ~]# salt '*' saltutil.sync_grains

minion.saltstack.com:

10.0.0.9:

[root@master ~]# salt -G 'test:salt' test.ping

minion.saltstack.com:

True

 

 

Top.sls:

  'roles:nginx':

    - match: grain

    - init.pkg

 

Pillar: sensitive data. The master assigns Pillar data to minions, and it can be combined with grains to handle platform differences.

[root@master ~]# salt '*' pillar.ls

minion.saltstack.com:

10.0.0.9:

"/etc/salt/master" 840L, 32677C written

pillar_roots:

  base:

    - /etc/salt/pillar

[root@master pillar]# cat top.sls

base:

  '*':

    - init.rsyslog

[root@master pillar]# mkdir init

[root@master pillar]# cd init/

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# cat rsyslog.sls

{% if grains['osfinger'] == 'CentOS-6' %}

syslog: rsyslog

{% else %}

syslog: syslog

{% endif %}

[root@master init]# pwd

/etc/salt/pillar/init

[root@master init]# salt '*' saltutil.refresh_pillar

10.0.0.9:

    True

minion.saltstack.com:

    True
