• Packaging SaltStack and using it on an internal network


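    0. Using the packaged client

    Linux: copy the Linux ragent folder to /opt on the internal-network Linux host, then run the initialization script.

    Salt master: # @Master:"/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"  # apipwd is the password of the saltapi user
    Salt minion: # @Minion:"/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"  # master_ip is the IP of the master to bind to; minion_name sets the display name of this minion.
    Start: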
    /opt/ragent/tools/master.py start
    /opt/ragent/tools/minion.py start
    /opt/ragent/tools/api.py start
    Stop:
    /opt/ragent/tools/master.py stop
    /opt/ragent/tools/minion.py stop
    /opt/ragent/tools/api.py stop

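    Windows: copy the Windows ragent folder to the C: drive, then run the initialization script.

    init.bat 10.92.xxx.xx mywindow  # the first argument is the IP of the master to bind to; the second sets the display name of this minion.
    Start:
    C:\ragent\tools\minion.bat start
    Stop:
    C:\ragent\tools\minion.bat stop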

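    1. Packaging the Linux client

    Linux: it is recommended to build on an older OS release, because newer releases are compatible with what was built on older ones.
    1. Install Python: pick the version you need and build it from source.
    2. Copy the packages over and install them one by one. For reference: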
    https://www.cnblogs.com/zhutianpeng/p/3883819.html,
    https://blog.csdn.net/linux_player_c/article/details/50551460
    For example:
    Install pycrypto
    [root@master tar_install]# tar xvf pycrypto-2.6.1.tar.gz
    [root@master tar_install]# cd pycrypto-2.6.1
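    [root@master pycrypto-2.6.1]# python setup.py install    # always use the python you installed in step 1
    whl files can be installed directly with pip.

    Once everything is installed, it sometimes just works. Sometimes starting the master reports that something is missing; in that case find the missing package and install it as well. This happens because some systems already ship certain packages and others do not.

    There is also a shortcut: run pip install in an environment with network access and copy the installed packages over one by one. Compatibility is poor, though, and any package that misbehaves has to be fixed individually.

    Getting the packages: ./pip3 install  --target=/opt/salt salt -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com (downloads all the packages)

    3. When installing salt itself you can add these parameters: ./setup.py --salt-root-dir=/opt/ragent/salt/conf/ --salt-base-file-roots-dir=/opt/ragent/salt/conf/ --salt-home-dir=/opt/ragent/salt/conf/ install
    (--salt-root-dir is the key parameter; with it you can use a custom directory)
    4. After a successful install, copy the configuration files into the corresponding directories and configure the master and minion. The configuration files can be found in the already packaged /ragent/salt/conf. The startup files are sometimes generated automatically when salt is installed and sometimes not; if not, just copy them over as well.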

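    2. Packaging the Windows client

    1. Again, install Python first: download an exe installer and install it into the chosen directory.
    2. Install salt silently: C:\ragent\tools>minion64.exe /S /master=10.92.216.250 /minion-name=test /D=C:\ragent\salt (the /D switch is the key; it is not on the official website, and it is what makes a custom directory possible)
    3. For configuration, adapt the packaged files. The Windows ones generally need no changes.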

    3. Linux configuration

    Linux master configuration, path: /opt/ragent/salt/conf/etc/salt/master

    interface: 0.0.0.0
    file_roots:
      base:
        - /opt/ragent/salt/file

    Linux API configuration, path: /opt/ragent/salt/conf/etc/salt/master.d/api.conf

    rest_cherrypy:
      port: 8001                       # salt-api listening port
      ssl_crt: /opt/ragent/salt/conf/sslkey/localhost.crt          # certificate used for SSL
      ssl_key: /opt/ragent/salt/conf/sslkey/localhost_nopass.key

    Linux API configuration, path: /opt/ragent/salt/conf/etc/salt/master.d/eauth.conf

    external_auth:
      pam:
        saltapi:
          - .*
          - '@wheel'
          - '@runner'
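An added example (not part of the original post) that scans an external_auth fragment such as the one above and reports entries granting every execution function or the whole wheel/runner client to an API user. The small parser is an assumption of this sketch and handles only the backend → user → list layout shown here, not per-target mappings.

```python
# Permissions that Salt treats as "everything" for an eauth user.
BROAD_FUNCS = {".*", "*"}
CLIENT_WIDE = {"@wheel": "all wheel modules", "@runner": "all runner modules"}

# The eauth.conf content from this page.
PAGE_EAUTH = """\
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
"""


def parse_external_auth(text):
    """Return {(backend, user): [perm, ...]} for the two-level layout above."""
    perms, backend, user, backend_indent, in_block = {}, None, None, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        indent, item = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:                           # a new top-level key
            in_block, backend, user, backend_indent = item == "external_auth:", None, None, None
        elif not in_block:
            continue
        elif item.startswith("- ") and user is not None:
            perms[(backend, user)].append(item[2:].strip().strip("'\""))
        elif item.endswith(":"):
            if backend_indent is None or indent <= backend_indent:
                backend, user, backend_indent = item[:-1], None, indent
            else:
                user = item[:-1].strip("'\"")
                perms[(backend, user)] = []
    return perms


def audit(text):
    """List (backend, user, perm, reason) for every over-broad grant."""
    findings = []
    for (backend, user), plist in parse_external_auth(text).items():
        for perm in plist:
            if perm in BROAD_FUNCS:
                findings.append((backend, user, perm, "all execution functions on all minions"))
            elif perm in CLIENT_WIDE:
                findings.append((backend, user, perm, CLIENT_WIDE[perm]))
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_EAUTH):
        print("%s/%s: %s grants %s" % finding)
```

A fragment that lists only the functions the API caller needs, for example `- test.ping`, produces no findings.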

    Linux minion configuration, path: /opt/ragent/salt/conf/etc/salt/minion

    master: 192.168.xx.x
    id: xx.com

    4. Configuring the user and the signed certificate

    # Create the user (used for salt-api authentication)
    useradd -M -s /sbin/nologin saltapi && echo "thispwd"|/usr/bin/passwd saltapi --stdin

    Generate the signed certificate:

    [root@cgc certs]# cd /etc/pki/tls/certs/
    [root@cgc certs]# make thecert
    make: *** No rule to make target `thecert'.  Stop.
    [root@cgc certs]# make testcert
    umask 77 ; 
    /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
    Generating RSA private key, 2048 bit long modulus
    ............................................+++
    ...............................................+++
    e is 65537 (0x10001)
    Enter pass phrase:     # enter the password thispwd
    Verifying - Enter pass phrase:   # enter the password thispwd
    umask 77 ; 
    /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt 
    Enter pass phrase for /etc/pki/tls/private/localhost.key:     # enter the password thispwd
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:GuangZhou            
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:

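    Decrypt the key file to produce a key file without a passphrase. You will be prompted for the key's passphrase, which is the one set when the certificate was generated.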

    cd /etc/pki/tls/private/
    openssl rsa -in localhost.key -out localhost_nopass.key
    Enter pass phrase for localhost.key:

    Add the certificate to the client:

    cp /etc/pki/tls/certs/localhost.crt  /opt/ragent/salt/conf/sslkey/localhost.crt      
    cp /etc/pki/tls/private/localhost_nopass.key /opt/ragent/salt/conf/sslkey/localhost_nopass.key

    Verify:

    # Create the user (used for salt-api authentication)
    useradd -M -s /sbin/nologin saltapi && echo "thispwd"|/usr/bin/passwd saltapi --stdin
    
    curl -sSk https://localhost:8001/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=thispwd -d eauth=pam
    87475ab6906bb76baec11af6deee28a7dbd42e26
    curl -k https://127.0.0.1:8001/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 87475ab6906bb76baec11af6deee28a7dbd42e26" -d client='local' -d tgt='*' -d fun='test.ping'
    curl -k https://127.0.0.1:8001 -H "Accept: application/x-yaml" -H "X-Auth-Token: 87475ab6906bb76baec11af6deee28a7dbd42e26" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='ifconfig'
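The curl calls above pass -k, which skips certificate verification. As an added example (not from the original post), the same login and test.ping exchange can be done from Python while trusting only the self-signed localhost.crt generated earlier; the function names are this sketch's own, and hostname matching is disabled on the assumption that the certificate was created with an empty Common Name as in the walkthrough.

```python
import getpass
import json
import ssl
import urllib.parse
import urllib.request

API_URL = "https://localhost:8001"  # port from the rest_cherrypy block above
CA_FILE = "/opt/ragent/salt/conf/sslkey/localhost.crt"  # certificate copied above

def make_context(cafile=None):
    """Require a server certificate that chains to cafile (the self-signed cert).

    Hostname matching is off, so trust rests on cafile holding only that cert.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx

def _post(base, path, fields, headers):
    # Form-encode the fields so special characters in a password stay intact.
    body = urllib.parse.urlencode(fields).encode()
    headers = dict(headers, Accept="application/json")
    return urllib.request.Request(base + path, data=body, headers=headers)

def login_request(username, password, eauth="pam", base=API_URL):
    fields = [("username", username), ("password", password), ("eauth", eauth)]
    return _post(base, "/login", fields, {})

def run_request(token, tgt, fun, base=API_URL):
    fields = [("client", "local"), ("tgt", tgt), ("fun", fun)]
    return _post(base, "/", fields, {"X-Auth-Token": token})

def ping_all(username, password, cafile=CA_FILE):
    """Log in, then run test.ping on all minions; returns {minion_id: True}."""
    ctx = make_context(cafile)
    with urllib.request.urlopen(login_request(username, password), context=ctx) as r:
        token = json.load(r)["return"][0]["token"]
    with urllib.request.urlopen(run_request(token, "*", "test.ping"), context=ctx) as r:
        return json.load(r)["return"][0]

if __name__ == "__main__":
    # The password is prompted for, so it never appears in argv or shell history.
    print(ping_all("saltapi", getpass.getpass("saltapi password: ")))
```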

    5. Windows configuration

    Windows has only the minion. Configuration file: C:\ragent\salt\conf\minion

    master: 10.92.xx.xxx
    id: win7

    If some paths cause problems, you can edit the path configuration file in the salt package source:

    C:\ragent\salt\bin\Lib\site-packages\salt\_syspaths.py  (modify as needed)

    # This file was auto-generated by salt's setup on Wednesday, 06 June 2018 @ 20:06:22 UTC.
    
    ROOT_DIR = 'C:/ragent/salt'
    SHARE_DIR = None
    CONFIG_DIR = None
    CACHE_DIR = None
    SOCK_DIR = None
    SRV_ROOT_DIR= 'C:/ragent/salt/file'
    BASE_FILE_ROOTS_DIR = 'C:/ragent/salt/file'
    BASE_PILLAR_ROOTS_DIR = None
    BASE_MASTER_ROOTS_DIR = None
    BASE_THORIUM_ROOTS_DIR = None
    LOGS_DIR = None
    PIDFILE_DIR = None
    SPM_FORMULA_PATH = None
    SPM_PILLAR_PATH = None
    SPM_REACTOR_PATH = None
    HOME_DIR = 'C:/ragent/salt'

    6. Linux scripts

    Initialization script init.py:

    #!/opt/ragent/python/bin/python3
    # coding:utf-8
    # @Author   : ChenGengCong
    # @date     : 2018.6.22
    # @file     : init.py
    # @Master:"/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"
    # @Minion:"/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"
    import subprocess
    import sys
    
    
    class Saltstack():
        def __init__(self):
            self.CONFPATH = '/opt/ragent/salt/conf/etc/salt'
            self.TOOLSPATH = '/opt/ragent/tools' 
            # Disabling the firewall is not handled here yet
    
        def master(self, apipwd='thispwd',master_bind_ip='0.0.0.0'):
            # Reset the master environment: stop the master and the API first
            stopcmd = "%s/master.py stop" % self.TOOLSPATH
            pipe = subprocess.run(stopcmd, shell=True, stdout=subprocess.PIPE).stdout
            stopapicmd = "%s/api.py stop" % self.TOOLSPATH
            pipe = subprocess.run(stopapicmd, shell=True, stdout=subprocess.PIPE).stdout
            # IP address the master binds to
            setcmd = "sed -i '/^interface/s/.*/interface: %s/g' %s/master" % (master_bind_ip, self.CONFPATH)
            pipe = subprocess.run(setcmd, shell=True, stdout=subprocess.PIPE).stdout
            # Create the API user and set its password
            addcmd = "useradd -M -s /sbin/nologin saltapi"
            p = subprocess.run(addcmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout
            # The password goes to passwd on stdin, not through a shell string, so quotes in it cannot break the command
            pwdcmd = ["/usr/bin/passwd", "saltapi", "--stdin"]
            pipe = subprocess.run(pwdcmd, input=(apipwd + "\n").encode(), stdout=subprocess.PIPE).stdout
            # Start the master environment
            startcmd = "%s/master.py start" % self.TOOLSPATH
            pipe = subprocess.run(startcmd, shell=True, stdout=subprocess.PIPE).stdout
            startapicmd = "%s/api.py start" % self.TOOLSPATH
            pipe = subprocess.run(startapicmd, shell=True, stdout=subprocess.PIPE).stdout
    
    
        def minion(self,master_ip, minion_name):
            # Reset the minion environment: stop the minion first
            stopcmd = "%s/minion.py stop" % self.TOOLSPATH
            pipe = subprocess.run(stopcmd, shell=True, stdout=subprocess.PIPE).stdout
    
            # Remove the existing identity and keys
            delid = "rm -f %s/minion_id" % self.CONFPATH
            std = subprocess.run(delid, shell=True, stdout=subprocess.PIPE).stdout
            delpki = "rm -f %s/salt/pki/minion/*" % self.CONFPATH
            std = subprocess.run(delpki, shell=True, stdout=subprocess.PIPE).stdout
    
            # Set the master IP address
            setip = "sed -i '/^master/s/.*/master: %s/g' %s/minion" % (master_ip,self.CONFPATH)
            pipe = subprocess.run(setip, shell=True, stdout=subprocess.PIPE).stdout
    
            # Set the minion ID, the unique name that identifies this client
            setid = "sed -i '/^id:/s/.*/id: %s/g' %s/minion" % (minion_name,self.CONFPATH)
            pipe = subprocess.run(setid, shell=True, stdout=subprocess.PIPE).stdout
    
            # Start the minion environment
            startcmd = "%s/minion.py start" % self.TOOLSPATH
            pipe = subprocess.run(startcmd, shell=True, stdout=subprocess.PIPE).stdout
    
    '''
    @Initialization commands
    @master:
    ssh root@ "/opt/ragent/python/bin/python3 /opt/ragent/init.py master apipwd"
    @minion
    ssh root@ "/opt/ragent/python/bin/python3 /opt/ragent/init.py minion master_ip minion_name"
    '''
    if __name__ == "__main__":
        name = sys.argv[1] if len(sys.argv) > 1 else ""
        Salt = Saltstack()
        if name == "master":
            # Use the default password only when none was given on the command line
            if len(sys.argv) > 2:
                Salt.master(sys.argv[2])
            else:
                Salt.master()
        elif name == "minion" and len(sys.argv) > 3:
            master_ip = sys.argv[2]
            minion_name = sys.argv[3]
            Salt.minion(master_ip, minion_name)
        else:
            print("USAGE: %s (master|minion) master_ip minion_id" % sys.argv[0])
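init.py above interpolates master_ip and minion_name into sed commands run with shell=True, so both values reach a shell and a sed expression unvalidated. The following added example (not part of the original scripts) validates both values and rewrites the minion file in Python instead; the helper names and the allowed minion-ID character set are assumptions of this sketch.

```python
import ipaddress
import re

# Assumption: minion IDs are restricted to hostname-style characters.
MINION_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def validate_master(value):
    """Accept only a literal IPv4/IPv6 address, as the master_ip argument implies."""
    return str(ipaddress.ip_address(value))  # raises ValueError for anything else


def validate_minion_id(value):
    if not MINION_ID_RE.fullmatch(value):
        raise ValueError("invalid minion id: %r" % value)
    return value


def set_key(text, key, value):
    """Replace the top-level 'key:' line, or append one if it is missing.

    Unlike sed's /^master/, the pattern is anchored on 'key:' and therefore
    leaves other keys with the same prefix (master_port, ...) untouched.
    """
    pattern = re.compile(r"^%s:.*$" % re.escape(key), re.MULTILINE)
    line = "%s: %s" % (key, value)
    if pattern.search(text):
        return pattern.sub(lambda m: line, text)
    if text and not text.endswith("\n"):
        text += "\n"
    return text + line + "\n"


def render_minion_config(text, master_ip, minion_name):
    """Return the minion config text with validated master and id values."""
    text = set_key(text, "master", validate_master(master_ip))
    return set_key(text, "id", validate_minion_id(minion_name))


def write_minion_config(path, master_ip, minion_name):
    """Validate first, then rewrite the file; no shell is involved."""
    with open(path, encoding="utf-8") as fh:
        new_text = render_minion_config(fh.read(), master_ip, minion_name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(new_text)


if __name__ == "__main__":
    sample = "master: 192.168.0.1\nmaster_port: 4506\nid: old.example\n"  # constructed
    print(render_minion_config(sample, "10.0.0.5", "web-01"), end="")
```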

    api.py

    #!/opt/ragent/python/bin/python3
    # -*- coding: utf-8 -*-
    #encoding:utf-8
    #@Time     : 2018-06-13 15:41:33
    #@Author   : chengengcong
    #@File     : api.py
    import sys
    import subprocess
    import os
    SALT_PATH = '/opt/ragent/salt'
    def start_app(name):
        if status_app(name)>1:
            print ("%s is running,you can try restart"%(name))
        else:
            cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
            pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
    
    def stop_app(name):
        cmd = "pgrep %s|xargs kill -9"%(name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
    
    def status_app(name):
        cmd = "pgrep %s|wc -l"%(name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
        result = int(str(pipe.read(),encoding='utf-8'))
        return result
    
    if __name__ == "__main__":
        name = 'salt-api'
        if len(sys.argv)==1:
            start_app(name)
        if len(sys.argv)>1:
            key = sys.argv[1]
            if key == 'start':
                start_app(name)
            elif key == 'stop':
                stop_app(name)
            elif key == 'restart':
                stop_app(name)
                start_app(name)
            else:
                result = status_app(name)
                if result>0:
                    print ('%s is active!'%(name))
                else:
                    print ('%s is inactive!'%(name))

    master.py

    #!/opt/ragent/python/bin/python3
    # -*- coding: utf-8 -*-
    #encoding:utf-8
    #@Time     : 2018-06-13 15:41:33
    #@Author   : chengengcong
    #@File     : master.py
    import sys
    import subprocess
    SALT_PATH = '/opt/ragent/salt'
    def start_app(name):
        if status_app(name)>1:
            print ("%s is running,you can try restart"%(name))
        else:
            cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
            pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
    
    def stop_app(name):
        cmd = "pgrep %s|xargs kill -9"%(name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
    
    def status_app(name):
        cmd = "pgrep %s|wc -l"%(name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE).stdout
        result = int(str(pipe.read(),encoding='utf-8'))
        return result
    
    if __name__ == "__main__":
        name = 'salt-master'
        if len(sys.argv)==1:
            start_app(name)
        if len(sys.argv)>1:
            key = sys.argv[1]
            if key == 'start':
                start_app(name)
            elif key == 'stop':
                stop_app(name)
            elif key == 'restart':
                stop_app(name)
                start_app(name)
            else:
                result = status_app(name)
                if result>0:
                    print ('%s is active!'%(name))
                else:
                    print ('%s is inactive!'%(name))

    minion.py

    #!/opt/ragent/python/bin/python3
    # -*- coding: utf-8 -*-
    #encoding:utf-8
    #@Time     : 2018-06-13 15:41:33
    #@Author   : chengengcong
    #@File     : minion.py
    import sys
    import subprocess
    SALT_PATH = '/opt/ragent/salt'
    def start_app(name):
        if status_app(name)>0:
            print ("%s is running,you can try restart"%(name))
        else:
            cmd = "nohup %s/bin/%s >> %s/conf/var/log/salt/%s 2>&1 &"%(SALT_PATH,name,SALT_PATH,name)
            pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
    
    def stop_app(name):
        cmd = "pgrep %s|xargs kill -9"%(name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT).stdout
    
    def status_app(name):
        cmd = "pgrep %s|wc -l"%(name)
        pipe = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT).stdout
        result = int(str(pipe.read(),encoding='utf-8'))
        return result
    
    if __name__ == "__main__":
        name = 'salt-minion'
        if len(sys.argv)==1:
            start_app(name)
        if len(sys.argv)>1:
            key = sys.argv[1]
            if key == 'start':
                start_app(name)
            elif key == 'stop':
                stop_app(name)
            elif key == 'restart':
                stop_app(name)
                start_app(name)
            else:
                result = status_app(name)
                if result>0:
                    print ('%s is active!'%(name))
                else:
                    print ('%s is inactive!'%(name))

    7. Windows scripts

    init.bat

    ::date:2018-04-09 15:35:11
    ::author:chengengcong
    ::company:NanWangDingXin
    ::version:1.0.1
    ::file: init.bat
    ::Parameter: init.bat 10.92.xxx.xx mywindow
    @echo off
    C:\ragent\salt\bin\ssm.exe install salt-minion c:\ragent\salt\bin\python.exe
    C:\ragent\salt\bin\ssm.exe set salt-minion AppParameters "-E -s c:\ragent\salt\bin\Scripts\salt-minion -c c:\ragent\salt\conf -l quiet"
    C:\ragent\salt\bin\ssm.exe set salt-minion AppDirectory c:\ragent\salt\bin
    C:\ragent\salt\bin\ssm.exe set salt-minion AppExit Default Restart
    C:\ragent\salt\bin\ssm.exe set salt-minion AppStopMethodConsole 24000
    C:\ragent\salt\bin\ssm.exe set salt-minion AppStopMethodWindow 2000
    C:\ragent\salt\bin\ssm.exe set salt-minion Description "Salt Minion from saltstack.com"
    C:\ragent\salt\bin\ssm.exe set salt-minion DisplayName salt-minion
    C:\ragent\salt\bin\ssm.exe set salt-minion ObjectName LocalSystem
    C:\ragent\salt\bin\ssm.exe set salt-minion Start SERVICE_AUTO_START
    C:\ragent\salt\bin\ssm.exe set salt-minion Type SERVICE_WIN32_OWN_PROCESS
    set master=%1%
    set id=%2%
    echo master: %master%>C:\ragent\salt\conf\minion
    echo id: %id%>>C:\ragent\salt\conf\minion
    net stop salt-minion
    net start salt-minion

    minion.bat

    ::date:2018-04-09 15:35:11  
    ::author:chengengcong
    ::company:NanWangZongBu  
    ::version:1.0.1  
    ::file: minion.bat  
    ::Parameter: minion.bat status
    @echo off 
    set input=%1%
    call:%input%
    goto:eof
    :status
    for /f "skip=3 tokens=4" %%i in ('sc query salt-minion') do set "zt=%%i" &goto :next
    :next
    echo %zt%
    goto:eof
    :start
    net start salt-minion
    goto:eof
    :stop
    net stop salt-minion
    goto:eof

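    Author: 陈耿聪 —— 夕狱

    Source: https://www.cnblogs.com/CGCong/

    Copyright of this article is shared by the author and cnblogs (博客园). Reposting is welcome, but unless the author agrees otherwise this notice must be kept and a link to the original must be given in a prominent place on the article page; otherwise the right to pursue legal liability is reserved.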

  • Original article: https://www.cnblogs.com/CGCong/p/9405942.html