Slatstack 介绍
官方源:http://repo.saltstack.com/ (介绍各操作系统安装方法)
centos 6源
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm
centos 7 源
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch.rpm
http://repo.saltstack.com/yum/redhat/7/x86_64
基于python开发,提供REST API接口
三大功能: 远程执行、配置管理(状态)、云管理
其它:Puppet(ruby)、ansible(python)
四种运行方式:Local、Minion/Master(C/S)、Syndic(代理,类似zabbix proxy)、Salt SSH
快速安装
- 安装
服务端
yum install salt-master salt-minion -y
客户端
yum install salt-minion -y
启动服务端
systemctl start salt-master
配置客户端
vim /etc/salt/minion master: 192.168.137.11 # 配置master地址 id: # 每台主机的唯一标识,不配置默认为主机名
启动客户端
systemctl start salt-minion
启动后/etc/salt下生成minion_id文件,默认为主机名
如果修改id,需要删除minion_id
- master和minion启动后pki介绍
第一次启动minion在/etc/salt下生成pki文件目录
包含minion的公钥minion.pub和私钥minion.pem
第一次启动master在/etc/salt下生成pki文件目录
包含master的公钥master.pub和私钥master.pem
linux-node1.example.com和linux-node2.example.com为minion的公钥,名称为id名
minions_pre为预认证目录
- 认证
salt-key
Accepted Keys 已同意的key
Denied Keys 拒绝的key
Unaccepted Keys 未认证的key
salt-key -a linux-node1.example.com
指定linux-node1.example.com这台minion被信任
salt-key -a linux* # 通配符
说明:-a :accept ,-A:accept-all,-d:delete,-D:delete-all
两台minion已认证成功,此时再次查看master pki文件目录,minion的公钥文件放入了minions目录下
再次查看minion pki文件目录,存在minion_master.pub公钥文件
- 远程执行
语法: 命令 目标 模块.方法 方法参数
检查所有主机状态
salt '*' test.ping
检查指定主机状态
salt "linux-node2.example.com" test.ping
指定主机,远程执行shell命令
salt "linux-node2.example.com" cmd.run "ls -lrt /root"
重启所有主机的zabbix agent
salt "*" cmd.run "systemctl restart zabbix-agent"
- 状态模块
state 写一个描述文件。格式:YAML ,后缀:.sls
YAML介绍(重要)
YAML是"YAML Ain't a Markup Language"(YAML不是一种置标语言)的递归缩写。(可以查看百度百科介绍)
格式:数据结构可以用类似大纲的缩排方式呈现,结构通过缩进来表示,连续的项目通过减号“-”来表示,map结构里面的key/value对用冒号“:”来分隔。
样例如下:
salt管理理解YAML介绍 https://docs.saltstack.com/en/latest/topics/yaml/index.html
salt YAML三个规则:
1)缩进,需要用2个空格,不能使用Tab键;
2)冒号,冒号和缩进共用、键值对(中间有空格)
3)短横线, 于后面的值有空格
- master配置
vim /etc/salt/master file_roots # 定义base、测试、灰度、生产环境配置文件路径,base名称不能改
重启master
systemctl restart salt-master
创建配置文件目录
cd /srv mkdir salt
- sls文件创建
apache.sls,放入到/srv/salt/web目录下
apache-install: # 自定义的id,名称
pkg.installed: # 状态模块,salt自带的, 模块.方法
- names: # 参数
- httpd
- httpd-devel
apache-service: # 自定义的id,名称
service.running: # 状态模块,salt自带的, 模块.方法
- name: httpd # 参数
- enable: True
执行这个文件
salt "*" state.sls web.apache
执行流程:
1)master将这个文件发送至minion
2)minion放在/var/cache/salt/minion目录下
3)minion根据这个文件从上往下执行
执行结果
1 linux-node2.example.com: 2 ---------- 3 ID: apache-install 4 Function: pkg.installed 5 Name: httpd 6 Result: True 7 Comment: The following packages were installed/updated: httpd 8 Started: 13:12:23.142622 9 Duration: 103093.75 ms 10 Changes: 11 ---------- 12 apr: 13 ---------- 14 new: 15 1.4.8-3.el7 16 old: 17 apr-util: 18 ---------- 19 new: 20 1.5.2-6.el7 21 old: 22 httpd: 23 ---------- 24 new: 25 2.4.6-40.el7.centos.4 26 old: 27 httpd-tools: 28 ---------- 29 new: 30 2.4.6-40.el7.centos.4 31 old: 32 mailcap: 33 ---------- 34 new: 35 2.1.41-2.el7 36 old: 37 ---------- 38 ID: apache-install 39 Function: pkg.installed 40 Name: httpd-devel 41 Result: True 42 Comment: The following packages were installed/updated: httpd-devel 43 Started: 13:14:06.266419 44 Duration: 75699.845 ms 45 Changes: 46 ---------- 47 apr-devel: 48 ---------- 49 new: 50 1.4.8-3.el7 51 old: 52 apr-util-devel: 53 ---------- 54 new: 55 1.5.2-6.el7 56 old: 57 cyrus-sasl-devel: 58 ---------- 59 new: 60 2.1.26-20.el7_2 61 old: 62 expat-devel: 63 ---------- 64 new: 65 2.1.0-8.el7 66 old: 67 httpd-devel: 68 ---------- 69 new: 70 2.4.6-40.el7.centos.4 71 old: 72 libdb-devel: 73 ---------- 74 new: 75 5.3.21-19.el7 76 old: 77 openldap-devel: 78 ---------- 79 new: 80 2.4.40-9.el7_2 81 old: 82 ---------- 83 ID: apache-service 84 Function: service.running 85 Name: httpd 86 Result: True 87 Comment: Service httpd has been enabled, and is running 88 Started: 13:15:22.549732 89 Duration: 509.773 ms 90 Changes: 91 ---------- 92 httpd: 93 True 94 95 Summary for linux-node2.example.com 96 ------------ 97 Succeeded: 3 (changed=3) 98 Failed: 0 99 ------------ 100 Total states run: 3 101 Total run time: 179.303 s 102 linux-node1.example.com: 103 ---------- 104 ID: apache-install 105 Function: pkg.installed 106 Name: httpd 107 Result: True 108 Comment: Package httpd is already installed 109 Started: 21:12:17.773014 110 Duration: 1030.017 ms 111 Changes: 112 ---------- 113 ID: apache-install 114 Function: pkg.installed 115 Name: httpd-devel 116 Result: True 117 Comment: The following packages were installed/updated: httpd-devel 118 Started: 21:12:18.803216 119 Duration: 179505.346 ms 120 Changes: 121 ---------- 122 apr-devel: 123 ---------- 124 new: 125 1.4.8-3.el7 126 old: 127 apr-util-devel: 128 ---------- 129 new: 130 1.5.2-6.el7 131 old: 132 cyrus-sasl-devel: 133 ---------- 134 new: 135 2.1.26-20.el7_2 136 old: 137 expat-devel: 138 ---------- 139 new: 140 2.1.0-8.el7 141 old: 142 httpd-devel: 143 ---------- 144 new: 145 2.4.6-40.el7.centos.4 146 old: 147 libdb-devel: 148 ---------- 149 new: 150 5.3.21-19.el7 151 old: 152 openldap-devel: 153 ---------- 154 new: 155 2.4.40-9.el7_2 156 old: 157 ---------- 158 ID: apache-service 159 Function: service.running 160 Name: httpd 161 Result: True 162 Comment: The service httpd is already running 163 Started: 21:15:18.523234 164 Duration: 62.391 ms 165 Changes: 166 167 Summary for linux-node1.example.com 168 ------------ 169 Succeeded: 3 (changed=1) 170 Failed: 0 171 ------------ 172 Total states run: 3 173 Total run time: 180.598 s
- top file
默认文件名top.sls,放在base目录下,base目录在file_roots配置项配置
通过top.sls文件可以实现根据不同的minion执行不同的sls文件
base: # 固定名称,必填
'linux-node1.example.com': # minion id
- web.apache # apache.sls
'linux-node2.example.com':
- web.apache
salt "*" state.highstate
上面命令执行state高级状态,它只会执行入口文件top.sls, 根据top文件中内容执行
生产环境中不建议使用*,需要指定具体主机,先用test测试
salt "linux-node1.example.com" state.highstate test=True
测试正常后执行
salt "linux-node1.example.com" state.highstate