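Introduction to SaltStack
SaltStack is a new approach to infrastructure management: it is easy to deploy and can be up and running within minutes, it scales well enough to manage tens of thousands of servers with ease, and it is fast, with servers communicating within seconds.
Underneath, Salt uses a dynamic communication bus, which lets it be used for orchestration, remote execution, configuration management and more.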
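Communication principles
1. SaltStack uses a client/server (C/S) model.
2. The master and the minions establish trust through key pairs; once trust is established, the master process starts and listens on two ports (4505 and 4506).
3. Port 4505 corresponds to the ZMQ PUB system; it is used to hold long-lived connections with the minions and to send data to them.
4. Port 4506 corresponds to the REP system; it is used to receive data from the minions.
5. On the minion side the minion process is started; it does not listen on any port and uses a random port to communicate with the master.
6. Communication between the master and the minions uses the ZeroMQ message queue.
7. Every time the master dispatches a job, all minions receive it; each minion decides from the job's conditions whether it needs to return data to the master.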
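Steps
- The SaltStack master and minions exchange messages over ZeroMQ using its publish-subscribe pattern; the connection types include tcp and ipc.
- The salt command publishes the command cmd.run ls to the master from salt.client.LocalClient.cmd_cli and obtains a jobid, then uses the jobid to fetch the execution result.
- After receiving the command, the master sends the command to be executed to the minion clients.
- The minion receives the command to process from the message bus and hands it to minion._handle_aes.
- minion._handle_aes starts a local thread that calls cmdmod to execute the ls command. When the thread has finished running ls, it calls minion._return_pub to return the result to the master over the message bus.
- The master receives the result returned by the client and calls master._handle_aes to write the result to a file.
- salt.client.LocalClient.cmd_cli polls for the job result and prints it to the terminal.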
Environment
CentOS7.2 64bit linux-node1.example.com 192.168.56.11 (salt-master and salt-minion)
CentOS7.2 64bit linux-node2.example.com 192.168.56.12 (salt-minion)
1. On 192.168.56.11, install salt-master and salt-minion and start the master
[root@linux-node1 ~]# yum install -y salt-master salt-minion
[root@linux-node1 ~]# systemctl start salt-master
2. On the master, go into the salt directory and look at its layout
[root@linux-node1 ~]# cd /etc/salt/
[root@linux-node1 salt]# ls
master minion pki
[root@linux-node1 salt]# tree pki/
pki/
└── master
    ├── master.pem    # private key
    ├── master.pub
    ├── minions
    ├── minions_autosign
    ├── minions_denied
    ├── minions_pre
    └── minions_rejected

6 directories, 2 files
3. On 192.168.56.12, set master in the minion configuration file
[root@linux-node2 ~]# yum install -y salt-minion
[root@linux-node2 ~]# vi /etc/salt/minion    # set master; id defaults to the hostname
[root@linux-node2 salt]# grep -n ^master minion
16:master: 192.168.56.11
[root@linux-node2 ~]# systemctl start salt-minion    # apply the same settings on node1
4. On 192.168.56.11, check the pki directory; it shows that two minions are waiting to join
[root@linux-node1 salt]# tree pki
pki
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre    # after it starts, a minion sends a request to the master; the ids of minions asking to join appear here
│   │   ├── linux-node1.example.com
│   │   └── linux-node2.example.com
│   └── minions_rejected
└── minion
    ├── minion.pem
    └── minion.pub

7 directories, 6 files
5. On the master, accept the minions
[root@linux-node1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [n/Y] Y
Key for minion linux-node1.example.com accepted.
Key for minion linux-node2.example.com accepted.
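Added example (not part of the original post): salt-key -A accepts every key waiting in minions_pre, so a safer habit is to compare each pending key with a copy of that minion's /etc/salt/pki/minion/minion.pub obtained out of band, and to accept only the matching ids one at a time with salt-key -a. The trusted directory, the function names and the sample keys are constructed for the illustration, and the check assumes the master stores the submitted public key unchanged.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the master stores each submitted public key unchanged under
# minions_pre/<minion-id>, so a byte comparison with the minion's own
# minion.pub (collected out of band) is a valid identity check.

# check_pending_keys PKI_MASTER_DIR TRUSTED_DIR
# Prints one verdict per pending key; returns 1 if any key is not verified.
check_pending_keys() {
    cpk_rc=0
    for cpk_pending in "$1"/minions_pre/*; do
        [ -f "$cpk_pending" ] || continue       # empty directory: nothing pending
        cpk_id=$(basename "$cpk_pending")       # the file name is the minion id
        cpk_trusted="$2/$cpk_id.pub"
        if [ ! -f "$cpk_trusted" ]; then
            echo "UNKNOWN $cpk_id"; cpk_rc=1    # no reference copy: do not accept
        elif cmp -s "$cpk_pending" "$cpk_trusted"; then
            echo "OK $cpk_id"                   # accept with: salt-key -a <id>
        else
            echo "MISMATCH $cpk_id"; cpk_rc=1   # not the key that host generated
        fi
    done
    return "$cpk_rc"
}

# Constructed sample: a throwaway tree laid out like /etc/salt/pki/master,
# plus a hypothetical "trusted" directory of <minion-id>.pub reference copies.
run_demo() {
    demo_tmp=$(mktemp -d) || return 2
    mkdir -p "$demo_tmp/master/minions_pre" "$demo_tmp/trusted"
    echo "constructed-key-A" > "$demo_tmp/master/minions_pre/linux-node1.example.com"
    echo "constructed-key-A" > "$demo_tmp/trusted/linux-node1.example.com.pub"
    echo "constructed-key-X" > "$demo_tmp/master/minions_pre/linux-node2.example.com"
    echo "constructed-key-B" > "$demo_tmp/trusted/linux-node2.example.com.pub"
    echo "constructed-key-C" > "$demo_tmp/master/minions_pre/unlisted-host"
    check_pending_keys "$demo_tmp/master" "$demo_tmp/trusted"
    demo_status=$?
    rm -rf "$demo_tmp"
    return "$demo_status"
}

run_demo || echo "unverified keys pending: accept ids individually, not with salt-key -A"
```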
6. After the keys are accepted, look at how the keys under pki have changed; each key file (a public key) has the same name as its minion ID
[root@linux-node1 salt]# tree pki
pki
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions    # minions that have been accepted by the master
│   │   ├── linux-node1.example.com
│   │   └── linux-node2.example.com
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre
│   └── minions_rejected
└── minion
    ├── minion_master.pub
    ├── minion.pem
    └── minion.pub

7 directories, 7 files
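7. On the minion node, check that the master's public key has also been delivered to the minion; after that the two can communicate normally
[root@linux-node2 salt]# tree pki/
pki/
└── minion
    ├── minion_master.pub    # the master's public key
    ├── minion.pem
    └── minion.pub    # this is sent to the master, where it is stored in a file named after the minion ID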
8. On the master, check the key trust relationships
[root@linux-node1 base]# salt-key -L
Accepted Keys:
linux-node1.example.com
linux-node2.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
9. Check that the master and the minions can communicate; a return value of True means they can
[root@linux-node1 ~]# salt "*" test.ping
linux-node1.example.com:
    True
linux-node2.example.com:
    True
11. Use Salt's execution modules for maintenance and management
In a company, jobs are usually defined through a web interface wrapper and then go through approval before they are executed.
[root@linux-node1 ~]# salt "*" cmd.run "w"    # "*" is the target, cmd is the execution module, run is a function of cmd, and "w" is the function's argument, i.e. the command
linux-node2.example.com:
    14:23:31 up 8:38, 1 user, load average: 0.00, 0.01, 0.05
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    root pts/0 192.168.56.1 13:46 21:23 0.15s 0.15s -bash
linux-node1.example.com:
    14:23:30 up 8:38, 1 user, load average: 0.01, 0.03, 0.05
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    root pts/0 192.168.56.1 13:46 2.00s 0.43s 0.32s /usr/bin/python /usr/bin/salt * cmd.run w
[root@linux-node1 ~]# salt "*" cmd.run "date"
linux-node2.example.com:
    Sun Oct 15 14:23:39 EDT 2017
linux-node1.example.com:
    Sun Oct 15 14:23:38 EDT 2017
12. Delete minion keys
[root@linux-node1 base]# salt-key -D    # delete all keys; a single minion id can be deleted with -d <id>
The following keys are going to be deleted:
Accepted Keys:
linux-node1.example.com
linux-node2.example.com
Proceed? [N/y] Y
Key for minion linux-node1.example.com deleted.
Key for minion linux-node2.example.com deleted.
[root@linux-node1 base]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:
13. Find the path of the cmd module that Salt calls, and Salt's other modules
[root@linux-node1 modules]# pwd
/usr/lib/python2.7/site-packages/salt/modules
[root@linux-node1 modules]# ls |grep cmd
cmdmod.py    # the cmd module that users execute
cmdmod.pyc
cmdmod.pyo
Other modules
[root@linux-node1 modules]# pwd
/usr/lib/python2.7/site-packages/salt/modules
[root@linux-node1 modules]# ls
14. Log file path; when necessary, debug mode can be turned on to troubleshoot problems
[root@linux-node1 base]# tailf /var/log/salt/master
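Steps for changing minion_id
1. Stop salt-minion; if it is not stopped it keeps sending messages to the master
2. On the master, delete the old id with salt-key: salt-key -d minionid
3. On the minion, delete /etc/salt/minion_id: rm -f /etc/salt/minion_id
4. On the minion, delete /etc/salt/pki: rm -rf /etc/salt/pki
5. On the minion, change id in the configuration file
6. Start the minion
7. On the master, accept the minion again with salt-key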