• SaltStack: Using salt-ssh Mode (Part 11)


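    Introduction to salt-ssh

    1. salt-ssh is a feature introduced in 0.17.0. It manages clients without requiring a minion, and it does not require a master either.

    2. salt-ssh supports most of Salt's functionality, such as grains, modules, and states.

    3. salt-ssh does not use the ZeroMQ communication architecture; execution is serial.

    It is similar to tools such as paramiko, pssh, and ansible.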

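    Using the roster

    salt-ssh needs a roster system to determine which targets to run against. The roster system was introduced together with salt-ssh in Salt 0.17.0.

    The roster system compiles a data structure containing the targets: a list of target hosts and how to connect to them.

    The configuration file looks like this:
    # Target information
        host:        # IP address or DNS name of the remote host
        user:        # user to log in as
        passwd:      # the user's password; if this option is omitted, key-based authentication is used by default
    # Optional parameters
        port:        # SSH port
        sudo:        # run commands via sudo
        tty:         # set this to true if sudo is set
        priv:        # path to the SSH private key file
        timeout:     # seconds to wait for a response when establishing the connection
        minion_opts: # dictionary of minion options
        thin_dir:    # storage directory on the target system; defaults to /tmp/salt-<hash>
        cmd_umask:   # umask to use for the salt-call command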

    Installation and configuration

    1. Install salt-ssh
    [root@linux-node1 ~]# yum install salt-ssh
    2. Edit the roster file and list the machines to manage
    [root@linux-node1 ~]# tail -11  /etc/salt/roster 
    linux-node1.example.com:
      host: 192.168.56.11
      user: root
      passwd: 123456
      port: 22
    
    linux-node2.example.com:
      host: 192.168.56.12
      user: root
      passwd: 123456
      port: 22
    3. Run a management test
    [root@linux-node1 ~]# salt-ssh '*' test.ping -i
    linux-node1.example.com:
        True
    linux-node2.example.com:
        True
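    4. salt-ssh command usage
    -r, --raw, --raw-shell # run a shell command directly
    --priv # specify the SSH private key file
    --roster # define which roster system to use, for example a backend database, a scan method, or a user-defined roster system; the default is the /etc/salt/roster file
    --roster-file # specify the roster file
    --refresh, --refresh-cache # refresh the cache; it is refreshed automatically if the target's grains change
    --max-procs # specify the number of processes; the default is 25
    -i, --ignore-host-keys # skip SSH host key verification when connecting
    --passwd # specify the default password
    --key-deploy # deploy keys: setting this parameter deploys SSH key authentication to all minions.
    Combined with --passwd, it makes initial deployment quick and convenient. When calling a master module, adding --key-deploy generates keys on the minions, and from the next run on the password is no longer used.
    5. Run state modules with salt-ssh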
    [root@linux-node1 ~]# salt-ssh '*' state.sls web.lamp
    linux-node2.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 00:31:01.867400
        Duration: 802.47 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 00:31:02.694092
        Duration: 52.696 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 00:31:02.746901
        Duration: 1.453 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 00:31:02.752421
        Duration: 249.895 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 00:31:03.002535
        Duration: 7.066 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: pkg.installed
            Name: httpd-tools
          Result: True
         Comment: Package httpd-tools is already installed.
         Started: 00:31:03.009760
        Duration: 0.512 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: cmd.run
            Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
          Result: True
         Comment: unless execution succeeded
         Started: 00:31:03.016294
        Duration: 7.043 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 7
    Failed:    0
    ------------
    Total states run:     7
    linux-node1.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 00:31:01.479393
        Duration: 1072.439 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 00:31:02.575303
        Duration: 54.346 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 00:31:02.629757
        Duration: 1.963 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 00:31:02.635879
        Duration: 233.048 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 00:31:02.869236
        Duration: 5.416 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: pkg.installed
            Name: httpd-tools
          Result: True
         Comment: Package httpd-tools is already installed.
         Started: 00:31:02.874737
        Duration: 0.5 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: cmd.run
            Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
          Result: True
         Comment: unless execution succeeded
         Started: 00:31:02.880676
        Duration: 5.381 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 7
    Failed:    0
    ------------
    Total states run:     7

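    Summary

    1. salt-ssh builds a Python package on top of Salt and uploads it to the default tmp directory on the client.

        The package is unpacked and executed on the client, the result is returned, and finally the temporary files uploaded to tmp are deleted.

    2. With the salt-minion method, the salt-master first validates the syntax and, once validation passes, sends the state to the minion.

        State files that the minion receives from the master are stored by default in /var/cache/salt/minion.

        Note: sometimes syntax validation passes on the salt-master, but execution may still fail on the minion because of environment problems.

    3. salt-ssh and salt-minion can coexist; salt-minion does not depend on the SSH service.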

  • Original article: https://www.cnblogs.com/xiewenming/p/7716252.html