SaltStack
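1. What is SaltStack
SaltStack is a client/server (C/S) configuration management tool written in Python (and not only configuration management: salt-cloud, for example, can provision AWS EC2). Underneath, it communicates over ZeroMQ message queues in pub/sub mode and manages authentication by issuing SSL certificates.
ZeroMQ, billed as the world's fastest message queue, lets SaltStack run operations quickly across thousands of machines. Identities are confirmed with RSA keys and traffic is AES-encrypted, which safeguards its security.
SaltStack is often described as an enhanced Func plus a slimmed-down Puppet.
2. Why choose SaltStack?
The mainstream open-source automated configuration management tools currently on the market include puppet, chef, saltstack and others. Which one is the better choice? Consider the following:
1). Choice of development language (puppet/chef vs ansible/saltstack)
Puppet and Chef are developed in Ruby; ansible and saltstack are developed in Python.
Operations development favors Python (which also allows custom development later), so Puppet and Chef are ruled out.
2). Choice of speed (ansible vs saltstack)
ansible transfers data over the ssh protocol, while SaltStack transfers data over the ZeroMQ message queue. Judging by network-card data, saltstack is about 40 times faster than ansible...
Compared with ansible, saltstack's drawback is that a client must be installed. For speed, saltstack is the recommended choice.
saltstack github
saltstack official documentation
3. saltstack architecture
In the saltstack architecture the server is called the Master and the client is called the Minion. Both run as daemons and keep listening on the ports defined in the configuration file: ret_port (the port over which saltstack clients and the server communicate, which receives the results the clients send back; default 4506) and publish_port (the saltstack message publishing system; default 4505). When a Minion starts, it automatically connects to the ret_port of the Master address defined in its configuration file to authenticate.
1). Master: the control center, where salt commands are run and resource states are managed.
2). Minion: a client machine to be managed. It actively connects to the Master, obtains resource state information from the Master, and synchronizes resource management information.
3). States: the instruction set for configuration management.
4). Modules: the instruction modules used on the command line and in configuration files; they can be run from the command line.
5). Grains: variables on the minion side, static.
6). Pillar: variables for the minion side, dynamic and more sensitive; they can be synchronized to minions through configuration files.
7). highstate: pushes a permanent state to the minion, read from the sls configuration files, i.e. synchronizes the state configuration.
8). salt_schedule: automatically keeps the client configuration in place.
4. saltstack installation and configuration
The minion is installed on CentOS 6 as the example, and the master on CentOS 7.5, both with yum.
Other installation methods exist, such as pip, source, and salt-bootstrap.
Install and configure the management node (master), using CentOS 7.5 as the example: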
[root@localhost utils]# yum -y install salt-master
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.6 kB 00:00:00
* base: mirrors.tuna.tsinghua.edu.cn
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.neusoft.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
epel | 3.2 kB 00:00:00
(1/3): epel/x86_64/group_gz | 88 kB 00:00:00
(2/3): epel/x86_64/updateinfo | 935 kB 00:00:00
(3/3): epel/x86_64/primary | 3.6 MB 00:00:00
epel 12738/12738
Resolving Dependencies
--> Running transaction check
---> Package salt-master.noarch 0:2015.5.10-2.el7 will be installed
--> Processing Dependency: salt = 2015.5.10-2.el7 for package: salt-master-2015.5.10-2.el7.noarch
--> Running transaction check
---> Package salt.noarch 0:2015.5.10-2.el7 will be installed
--> Processing Dependency: python-zmq for package: salt-2015.5.10-2.el7.noarch
--> Processing Dependency: python-msgpack for package: salt-2015.5.10-2.el7.noarch
--> Processing Dependency: python-jinja2 for package: salt-2015.5.10-2.el7.noarch
--> Processing Dependency: python-crypto for package: salt-2015.5.10-2.el7.noarch
--> Running transaction check
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-zmq.x86_64 0:14.3.1-1.el7 will be installed
--> Processing Dependency: libzmq.so.3()(64bit) for package: python-zmq-14.3.1-1.el7.x86_64
---> Package python2-crypto.x86_64 0:2.6.1-15.el7 will be installed
--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: python2-crypto-2.6.1-15.el7.x86_64
---> Package python2-msgpack.x86_64 0:0.5.6-4.el7 will be installed
--> Running transaction check
---> Package libtomcrypt.x86_64 0:1.17-26.el7 will be installed
--> Processing Dependency: libtommath >= 0.42.0 for package: libtomcrypt-1.17-26.el7.x86_64
--> Processing Dependency: libtommath.so.0()(64bit) for package: libtomcrypt-1.17-26.el7.x86_64
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package zeromq3.x86_64 0:3.2.5-1.el7 will be installed
--> Processing Dependency: libpgm-5.2.so.0()(64bit) for package: zeromq3-3.2.5-1.el7.x86_64
--> Running transaction check
---> Package libtommath.x86_64 0:0.42.0-6.el7 will be installed
---> Package openpgm.x86_64 0:5.2.122-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================
Package Arch Version Repository Size
======================================================================================================
Installing:
salt-master noarch 2015.5.10-2.el7 epel 1.0 M
Installing for dependencies:
libtomcrypt x86_64 1.17-26.el7 extras 224 k
libtommath x86_64 0.42.0-6.el7 extras 36 k
openpgm x86_64 5.2.122-2.el7 epel 171 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-zmq x86_64 14.3.1-1.el7 epel 468 k
python2-crypto x86_64 2.6.1-15.el7 extras 477 k
python2-msgpack x86_64 0.5.6-4.el7 epel 64 k
salt noarch 2015.5.10-2.el7 epel 4.1 M
zeromq3 x86_64 3.2.5-1.el7 epel 344 k
Transaction Summary
======================================================================================================
Install 1 Package (+10 Dependent packages)
Total download size: 8.7 M
Installed size: 33 M
Is this ok [y/d/N]: y
Downloading packages:
(1/11): libtommath-0.42.0-6.el7.x86_64.rpm | 36 kB 00:00:04
(2/11): libtomcrypt-1.17-26.el7.x86_64.rpm | 224 kB 00:00:05
(3/11): python-jinja2-2.7.2-2.el7.noarch.rpm | 515 kB 00:00:04
(4/11): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:05
warning: /var/cache/yum/x86_64/7/epel/packages/openpgm-5.2.122-2.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for openpgm-5.2.122-2.el7.x86_64.rpm is not installed
(5/11): openpgm-5.2.122-2.el7.x86_64.rpm | 171 kB 00:00:05
(6/11): python-zmq-14.3.1-1.el7.x86_64.rpm | 468 kB 00:00:00
(7/11): python2-msgpack-0.5.6-4.el7.x86_64.rpm | 64 kB 00:00:00
(8/11): python2-crypto-2.6.1-15.el7.x86_64.rpm | 477 kB 00:00:00
(9/11): salt-2015.5.10-2.el7.noarch.rpm | 4.1 MB 00:00:00
(10/11): salt-master-2015.5.10-2.el7.noarch.rpm | 1.0 MB 00:00:00
(11/11): zeromq3-3.2.5-1.el7.x86_64.rpm | 344 kB 00:00:00
------------------------------------------------------------------------------------------------------
Total 1.2 MB/s | 8.7 MB 00:00:07
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-11.noarch (@extras)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-babel-0.9.6-8.el7.noarch 1/11
Installing : python-jinja2-2.7.2-2.el7.noarch 2/11
Installing : python2-msgpack-0.5.6-4.el7.x86_64 3/11
Installing : libtommath-0.42.0-6.el7.x86_64 4/11
Installing : libtomcrypt-1.17-26.el7.x86_64 5/11
Installing : python2-crypto-2.6.1-15.el7.x86_64 6/11
Installing : openpgm-5.2.122-2.el7.x86_64 7/11
Installing : zeromq3-3.2.5-1.el7.x86_64 8/11
Installing : python-zmq-14.3.1-1.el7.x86_64 9/11
Installing : salt-2015.5.10-2.el7.noarch 10/11
Installing : salt-master-2015.5.10-2.el7.noarch 11/11
Verifying : openpgm-5.2.122-2.el7.x86_64 1/11
Verifying : python-jinja2-2.7.2-2.el7.noarch 2/11
Verifying : salt-master-2015.5.10-2.el7.noarch 3/11
Verifying : salt-2015.5.10-2.el7.noarch 4/11
Verifying : zeromq3-3.2.5-1.el7.x86_64 5/11
Verifying : libtommath-0.42.0-6.el7.x86_64 6/11
Verifying : python2-msgpack-0.5.6-4.el7.x86_64 7/11
Verifying : python2-crypto-2.6.1-15.el7.x86_64 8/11
Verifying : python-zmq-14.3.1-1.el7.x86_64 9/11
Verifying : python-babel-0.9.6-8.el7.noarch 10/11
Verifying : libtomcrypt-1.17-26.el7.x86_64 11/11
Installed:
salt-master.noarch 0:2015.5.10-2.el7
Dependency Installed:
libtomcrypt.x86_64 0:1.17-26.el7 libtommath.x86_64 0:0.42.0-6.el7
openpgm.x86_64 0:5.2.122-2.el7 python-babel.noarch 0:0.9.6-8.el7
python-jinja2.noarch 0:2.7.2-2.el7 python-zmq.x86_64 0:14.3.1-1.el7
python2-crypto.x86_64 0:2.6.1-15.el7 python2-msgpack.x86_64 0:0.5.6-4.el7
salt.noarch 0:2015.5.10-2.el7 zeromq3.x86_64 0:3.2.5-1.el7
Complete!
[root@localhost utils]#
Note: iptables must open ports 4505 and 4506 on the master.
```bash
iptables -A INPUT -p tcp -m multiport --dports 4505,4506 -j ACCEPT
systemctl stop firewalld.service   # stop the firewall; alternatively, open only the specific ports
systemctl start salt-master        # start the master service
systemctl enable salt-master       # start the salt master service at boot
```
Install the managed node (minion), CentOS 6.10:
[root@localhost ~]# yum -y install salt-minion
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.neusoft.edu.cn
* epel: fedora.cs.nctu.edu.tw
* extras: mirrors.tuna.tsinghua.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package salt-minion.noarch 0:2015.5.10-2.el6 will be installed
--> Processing Dependency: salt = 2015.5.10-2.el6 for package: salt-minion-2015.5.10-2.el6.noarch
--> Running transaction check
---> Package salt.noarch 0:2015.5.10-2.el6 will be installed
--> Processing Dependency: python-zmq for package: salt-2015.5.10-2.el6.noarch
--> Processing Dependency: python-requests for package: salt-2015.5.10-2.el6.noarch
--> Processing Dependency: python-msgpack for package: salt-2015.5.10-2.el6.noarch
--> Processing Dependency: python-jinja2 for package: salt-2015.5.10-2.el6.noarch
--> Processing Dependency: m2crypto for package: salt-2015.5.10-2.el6.noarch
--> Processing Dependency: PyYAML for package: salt-2015.5.10-2.el6.noarch
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-3.1.el6 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-3.1.el6.x86_64
---> Package m2crypto.x86_64 0:0.20.2-9.el6 will be installed
---> Package python-jinja2.x86_64 0:2.2.1-3.el6 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.2.1-3.el6.x86_64
---> Package python-msgpack.x86_64 0:0.4.6-1.el6 will be installed
---> Package python-requests.noarch 0:2.6.0-4.el6 will be installed
--> Processing Dependency: python-urllib3 >= 1.10.2-1 for package: python-requests-2.6.0-4.el6.noarch
--> Processing Dependency: python-chardet >= 2.2.1-1 for package: python-requests-2.6.0-4.el6.noarch
---> Package python-zmq.x86_64 0:14.3.1-1.el6 will be installed
--> Processing Dependency: libzmq.so.3()(64bit) for package: python-zmq-14.3.1-1.el6.x86_64
--> Running transaction check
---> Package libyaml.x86_64 0:0.1.3-4.el6_6 will be installed
---> Package python-babel.noarch 0:0.9.4-5.1.el6 will be installed
---> Package python-chardet.noarch 0:2.2.1-1.el6 will be installed
---> Package python-urllib3.noarch 0:1.10.2-3.el6 will be installed
--> Processing Dependency: python-six for package: python-urllib3-1.10.2-3.el6.noarch
--> Processing Dependency: python-backports-ssl_match_hostname for package: python-urllib3-1.10.2-3.el6.noarch
---> Package zeromq3.x86_64 0:3.2.5-1.el6 will be installed
--> Processing Dependency: libpgm-5.1.so.0()(64bit) for package: zeromq3-3.2.5-1.el6.x86_64
--> Running transaction check
---> Package openpgm.x86_64 0:5.1.118-3.el6 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-5.el6 will be installed
--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch
---> Package python-six.noarch 0:1.9.0-2.el6 will be installed
--> Running transaction check
---> Package python-backports.x86_64 0:1.0-5.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================================================================
Installing:
salt-minion noarch 2015.5.10-2.el6 epel 27 k
Installing for dependencies:
PyYAML x86_64 3.10-3.1.el6 base 157 k
libyaml x86_64 0.1.3-4.el6_6 base 52 k
m2crypto x86_64 0.20.2-9.el6 base 471 k
openpgm x86_64 5.1.118-3.el6 epel 165 k
python-babel noarch 0.9.4-5.1.el6 base 1.4 M
python-backports x86_64 1.0-5.el6 base 5.5 k
python-backports-ssl_match_hostname noarch 3.4.0.2-5.el6 base 12 k
python-chardet noarch 2.2.1-1.el6 base 230 k
python-jinja2 x86_64 2.2.1-3.el6 base 466 k
python-msgpack x86_64 0.4.6-1.el6 epel 69 k
python-requests noarch 2.6.0-4.el6 base 96 k
python-six noarch 1.9.0-2.el6 base 28 k
python-urllib3 noarch 1.10.2-3.el6 base 103 k
python-zmq x86_64 14.3.1-1.el6 epel 467 k
salt noarch 2015.5.10-2.el6 epel 4.2 M
zeromq3 x86_64 3.2.5-1.el6 epel 338 k
Transaction Summary
======================================================================================================================================================================================================
Install 17 Package(s)
Total download size: 8.3 M
Installed size: 33 M
Downloading Packages:
(1/17): PyYAML-3.10-3.1.el6.x86_64.rpm | 157 kB 00:00
(2/17): libyaml-0.1.3-4.el6_6.x86_64.rpm | 52 kB 00:00
(3/17): m2crypto-0.20.2-9.el6.x86_64.rpm | 471 kB 00:00
(4/17): openpgm-5.1.118-3.el6.x86_64.rpm | 165 kB 00:00
(5/17): python-babel-0.9.4-5.1.el6.noarch.rpm | 1.4 MB 00:00
(6/17): python-backports-1.0-5.el6.x86_64.rpm | 5.5 kB 00:00
(7/17): python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch.rpm | 12 kB 00:00
(8/17): python-chardet-2.2.1-1.el6.noarch.rpm | 230 kB 00:00
(9/17): python-jinja2-2.2.1-3.el6.x86_64.rpm | 466 kB 00:00
(10/17): python-msgpack-0.4.6-1.el6.x86_64.rpm | 69 kB 00:00
(11/17): python-requests-2.6.0-4.el6.noarch.rpm | 96 kB 00:00
(12/17): python-six-1.9.0-2.el6.noarch.rpm | 28 kB 00:00
(13/17): python-urllib3-1.10.2-3.el6.noarch.rpm | 103 kB 00:00
(14/17): python-zmq-14.3.1-1.el6.x86_64.rpm | 467 kB 00:00
(15/17): salt-2015.5.10-2.el6.noarch.rpm | 4.2 MB 00:02
(16/17): salt-minion-2015.5.10-2.el6.noarch.rpm | 27 kB 00:00
(17/17): zeromq3-3.2.5-1.el6.x86_64.rpm | 338 kB 00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 797 kB/s | 8.3 MB 00:10
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : python-backports-1.0-5.el6.x86_64 1/17
Installing : python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch 2/17
Installing : openpgm-5.1.118-3.el6.x86_64 3/17
Installing : zeromq3-3.2.5-1.el6.x86_64 4/17
Installing : python-zmq-14.3.1-1.el6.x86_64 5/17
Installing : python-babel-0.9.4-5.1.el6.noarch 6/17
Installing : python-jinja2-2.2.1-3.el6.x86_64 7/17
Installing : m2crypto-0.20.2-9.el6.x86_64 8/17
Installing : libyaml-0.1.3-4.el6_6.x86_64 9/17
Installing : PyYAML-3.10-3.1.el6.x86_64 10/17
Installing : python-chardet-2.2.1-1.el6.noarch 11/17
Installing : python-msgpack-0.4.6-1.el6.x86_64 12/17
Installing : python-six-1.9.0-2.el6.noarch 13/17
Installing : python-urllib3-1.10.2-3.el6.noarch 14/17
Installing : python-requests-2.6.0-4.el6.noarch 15/17
Installing : salt-2015.5.10-2.el6.noarch 16/17
Installing : salt-minion-2015.5.10-2.el6.noarch 17/17
Verifying : salt-2015.5.10-2.el6.noarch 1/17
Verifying : PyYAML-3.10-3.1.el6.x86_64 2/17
Verifying : python-jinja2-2.2.1-3.el6.x86_64 3/17
Verifying : python-six-1.9.0-2.el6.noarch 4/17
Verifying : python-msgpack-0.4.6-1.el6.x86_64 5/17
Verifying : python-chardet-2.2.1-1.el6.noarch 6/17
Verifying : libyaml-0.1.3-4.el6_6.x86_64 7/17
Verifying : m2crypto-0.20.2-9.el6.x86_64 8/17
Verifying : python-babel-0.9.4-5.1.el6.noarch 9/17
Verifying : python-urllib3-1.10.2-3.el6.noarch 10/17
Verifying : python-zmq-14.3.1-1.el6.x86_64 11/17
Verifying : python-requests-2.6.0-4.el6.noarch 12/17
Verifying : openpgm-5.1.118-3.el6.x86_64 13/17
Verifying : zeromq3-3.2.5-1.el6.x86_64 14/17
Verifying : salt-minion-2015.5.10-2.el6.noarch 15/17
Verifying : python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch 16/17
Verifying : python-backports-1.0-5.el6.x86_64 17/17
Installed:
salt-minion.noarch 0:2015.5.10-2.el6
Dependency Installed:
PyYAML.x86_64 0:3.10-3.1.el6 libyaml.x86_64 0:0.1.3-4.el6_6 m2crypto.x86_64 0:0.20.2-9.el6 openpgm.x86_64 0:5.1.118-3.el6
python-babel.noarch 0:0.9.4-5.1.el6 python-backports.x86_64 0:1.0-5.el6 python-backports-ssl_match_hostname.noarch 0:3.4.0.2-5.el6 python-chardet.noarch 0:2.2.1-1.el6
python-jinja2.x86_64 0:2.2.1-3.el6 python-msgpack.x86_64 0:0.4.6-1.el6 python-requests.noarch 0:2.6.0-4.el6 python-six.noarch 0:1.9.0-2.el6
python-urllib3.noarch 0:1.10.2-3.el6 python-zmq.x86_64 0:14.3.1-1.el6 salt.noarch 0:2015.5.10-2.el6 zeromq3.x86_64 0:3.2.5-1.el6
Complete!
[root@localhost ~]#
```bash
sed -i 's@#master:.*@master: master_ipaddress@' /etc/salt/minion   # master_ipaddress is the IP of the management node
echo 192.168.3.233 > /etc/salt/minion_id   # personal habit is to use the IP; the default is the hostname
service salt-minion start
chkconfig salt-minion on                   # start salt-minion at boot
service salt-minion start                  # start the minion service; it should now be running
```
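5. Master and Minion authentication
When a Minion starts for the first time, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion (the path is set in /etc/salt/minion) and then sends minion.pub to the master. After receiving the minion's public key, the master accepts it with the salt-key command; the public key is then stored under /etc/salt/pki/master/minions on the master, named after the minion id, and from then on the master can send commands to the minion.
The authentication commands are:
```bash
salt-key -L      # list the current state of all keys
salt-key -A -y   # accept all keys that have not yet been accepted
```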
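Accepting every pending key with `salt-key -A -y` also accepts any host that reached port 4506 and submitted a key. The following added example (not part of the original page) parses the `salt-key -L` text format shown on this page and emits per-minion `salt-key -a` commands only for IDs on an allow-list; the sample listing, the `EXPECTED_IDS` inventory and the function names are constructed for illustration.

```python
import shlex

# Section headers printed by `salt-key -L`, as in the listings on this page.
SECTIONS = {
    "Accepted Keys:": "accepted",
    "Denied Keys:": "denied",
    "Unaccepted Keys:": "unaccepted",
    "Rejected Keys:": "rejected",
}

# Constructed sample output (not captured from a real master).
SAMPLE_LISTING = """\
Accepted Keys:
192.168.3.245
Denied Keys:
192.168.3.245
Unaccepted Keys:
192.168.3.246
web-unknown
Rejected Keys:
"""

# Hypothetical inventory of minion IDs the operator actually deployed.
EXPECTED_IDS = ["192.168.3.245", "192.168.3.246"]


def parse_salt_key_list(text):
    """Parse `salt-key -L` text output into {state: [minion_id, ...]}."""
    keys = {name: [] for name in SECTIONS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            current = SECTIONS[line]
        elif line and current is not None:
            keys[current].append(line)
    return keys


def plan_acceptance(listing, expected_ids):
    """Decide per pending key instead of accepting everything with -A."""
    keys = parse_salt_key_list(listing)
    expected = set(expected_ids)
    accept = [m for m in keys["unaccepted"] if m in expected]
    unexpected = [m for m in keys["unaccepted"] if m not in expected]
    # Salt lists a key as denied when its ID is already accepted with a
    # different key: a rebuilt minion, or another host claiming that ID.
    conflicts = [m for m in keys["denied"] if m in keys["accepted"]]
    commands = ["salt-key -a {} -y".format(shlex.quote(m)) for m in accept]
    return {"accept": accept, "unexpected": unexpected,
            "conflicts": conflicts, "commands": commands}


if __name__ == "__main__":
    plan = plan_acceptance(SAMPLE_LISTING, EXPECTED_IDS)
    for cmd in plan["commands"]:
        print(cmd)
    for minion in plan["unexpected"] + plan["conflicts"]:
        print("investigate before accepting:", minion)
```

Before running an emitted command, compare the fingerprint from `salt-key -f <id>` on the master with the output of `salt-call --local key.finger` on that minion.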
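saltstack remote execution
```bash
salt '*' test.ping
salt '*' cmd.run 'ls -la'
```
The format of a salt command is:
```bash
salt '<target>' <function> [arguments]
```
target: the minions the salt command runs on. Regular expressions can be used.
function: the function, provided by a module
arguments: the function's arguments
target can be any of the following:
1). Regular expression
```bash
salt -E 'Minion.*' test.ping   # hostnames starting with Minion
```
2). List matching
```bash
salt -L Minion,Minion1 test.ping
```
3). Grains matching:
```bash
salt -G 'os:CentOS' test.ping
```
os:CentOS (present by default) is a Grains key/value pair. The data is stored as yaml on the minion and can be edited directly on the minion in /etc/salt/grains, in yaml format.
Or run on the master:
```bash
salt '*' grains.setval key "{'sub-key': 'val', 'sub-key2': 'val2' }"   # run salt '*' sys.doc grains to see the documentation
```
4). Group matching
```bash
salt -N groups test.ping
```
For example, create /etc/salt/master.d/nodegroups.conf on the master, in yaml format.
5). Compound matching
```bash
salt -C 'G@os:CentOS or L@Minion' test.ping
```
6). Pillar value matching
```bash
salt -I 'key:value' test.ping
```
Set pillar_roots in /etc/salt/master; the data is stored in yaml format on the master.
7). CIDR matching:
```bash
salt -S '192.168.3.33/333' test.ping
```
192.168.3.33/333 is a specified CIDR network range.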
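Because a target decides which machines run a command such as `cmd.run`, it helps to preview what an expression selects before sending it. The following added example (not from the original page) models four of the matchers above with Python's `fnmatch`, `re.match` and `ipaddress` rather than importing Salt, and shows that the string `Minion*` selects different minions as a glob and as a `-E` regular expression; the inventory and the function name are constructed.

```python
import fnmatch
import ipaddress
import re

# Constructed inventory: minion ID -> IPv4 addresses (hypothetical hosts).
MINIONS = {
    "Minion": ["192.168.3.10"],
    "Minion1": ["192.168.3.11"],
    "Minio-backup": ["192.168.4.20"],
    "db1": ["192.168.3.12"],
}


def preview_target(minions, expr, kind="glob"):
    """Return the sorted minion IDs that `expr` selects under one matcher."""
    if kind == "glob":      # salt '<expr>' ...
        hits = [m for m in minions if fnmatch.fnmatchcase(m, expr)]
    elif kind == "pcre":    # salt -E '<expr>' ...
        # Matched from the start of the ID, so 'Minion*' means "Minio"
        # followed by zero or more "n", not "starts with Minion".
        pattern = re.compile(expr)
        hits = [m for m in minions if pattern.match(m)]
    elif kind == "list":    # salt -L 'a,b' ...
        wanted = {part.strip() for part in expr.split(",")}
        hits = [m for m in minions if m in wanted]
    elif kind == "cidr":    # salt -S '<network>' ...
        # ip_network() raises ValueError for a malformed network.
        network = ipaddress.ip_network(expr, strict=False)
        hits = [m for m, addrs in minions.items()
                if any(ipaddress.ip_address(a) in network for a in addrs)]
    else:
        raise ValueError("unsupported matcher: {}".format(kind))
    return sorted(hits)


if __name__ == "__main__":
    for kind, expr in [("glob", "Minion*"), ("pcre", "Minion*"),
                       ("pcre", "Minion.*"), ("list", "Minion,Minion1"),
                       ("cidr", "192.168.3.0/24")]:
        print(kind, expr, "->", preview_target(MINIONS, expr, kind))
```

On a live master, running `test.ping` with the same target, as the page does, shows which minions actually respond.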
**A function is a method provided by a module**
The following command lists all functions:
```bash
salt '192.168.3.333' sys.doc cmd
```
Functions can take arguments:
```bash
salt '192.168.3.333' cmd.run 'whoami'
```
Keyword arguments are also supported:
```bash
salt '192.168.3.333' cmd.run 'ls -lth' cwd=/ user=root   # list the contents of / as root
```
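SaltStack configuration management
states files
The core of salt states is the sls file, which uses yaml syntax to define key/value data.
The root path for sls files is defined in the master configuration file and defaults to /srv/salt. This directory does not exist on the OS and must be created manually.
```bash
mkdir -p /srv/salt
```
In salt, salt:// can be used in place of the root path; for example, salt://top.sls is really /srv/salt/top.sls.
The top file for states is also defined in the master configuration file and defaults to top.sls; it is the entry file for states.
A simple sls file:
```yaml
apache:
  pkg:
    - installed
  service:
    - running
    - require:
      - pkg: apache
```
Explanation:
This sls data ensures that the apache package is installed and that its service is running.
- Line 1: called the ID declaration. The ID is the name of the thing being managed.
- Lines 2 and 4 are state declarations; they use the pkg and service states respectively.
pkg state: manages packages through the system's package manager.
service state: manages system services (daemons).
Below the pkg and service keys are the functions to run. A function defines what should happen to the package or service: here the package should be installed and the service should be running.
- Line 6 uses require (a require statement), meaning the service is started only once apache has been installed successfully.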
A state and its function can be joined with a dot; the sls file above means the same as the file below:
```yaml
apache:
  pkg.installed: []
  service.running:
    - require:
      - pkg: apache
```
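Save this sls as init.sls under the salt://apache directory. The result looks like this:
```
/srv/salt
    apache
        init.sls
    top.sls
```
Contents of top.sls:
```yaml
base:
  '*':
    - apache
```
Explanation:
Line 1: declares that the base environment is used.
Line 2: defines the target. * matches everything.
Line 3: declares which directories to use. salt looks for the init.sls file in each directory.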
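The master configuration file defines three environments. Each environment can define multiple directories, but conflicts must be avoided. For example:
```yaml
file_roots:
  base:
    - /srv/salt/
  dev:
    - /srv/salt/dev/services
    - /srv/salt/dev/states
  prod:
    - /srv/salt/prod/services
    - /srv/salt/prod/states
```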
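Running states
Once the states have been created and top.sls has been updated, run the following command on the master:
```bash
salt '*' state.highstate
```
This command triggers every minion to download top.sls and the states defined in it from the master, then compile and execute them.
When execution finishes, the minion reports a summary of the results to the master.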
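A mistyped requisite or a top.sls entry with no matching sls is cheaper to catch before `state.highstate` is sent to every minion. The following added example (not part of the original page or of Salt) checks the parsed form of the apache sls and top.sls shown above; the data is constructed, it is written as Python dicts so no YAML library is needed, and it only resolves requisites against state IDs, not against `name` arguments.

```python
# Requisite keywords whose targets must name a declared state.
REQUISITES = ("require", "watch", "onchanges", "onfail", "prereq")

# Constructed input: parsed form of the long-notation sls with a mistyped
# requisite (`pgk` instead of `pkg`), and the dot-notation form spelled right.
SLS_TYPO = {"apache": {"pkg": ["installed"],
                       "service": ["running", {"require": [{"pgk": "apache"}]}]}}
SLS_DOT = {"apache": {"pkg.installed": [],
                      "service.running": [{"require": [{"pkg": "apache"}]}]}}
TOP = {"base": {"*": ["apache", "nginx"]}}   # "nginx" is a hypothetical entry


def declared_states(sls):
    """Return {(state_module, id)} for both `pkg:` and `pkg.installed:` keys."""
    return {(key.split(".", 1)[0], state_id)
            for state_id, body in sls.items() for key in body}


def dangling_requisites(sls):
    """List requisites that point at a (module, id) pair nobody declares."""
    declared = declared_states(sls)
    findings = []
    for state_id, body in sls.items():
        for key, args in body.items():
            for arg in args or []:
                if not isinstance(arg, dict):
                    continue          # a bare function name such as "running"
                for req, refs in arg.items():
                    if req not in REQUISITES:
                        continue
                    for ref in refs:
                        for module, name in ref.items():
                            if (module, name) not in declared:
                                findings.append("{}/{}: {} -> {}: {}".format(
                                    state_id, key, req, module, name))
    return findings


def missing_top_entries(top, available):
    """List states named in top.sls that have no sls in the file roots."""
    return sorted({state for targets in top.values()
                   for states in targets.values()
                   for state in states if state not in available})


if __name__ == "__main__":
    print(dangling_requisites(SLS_TYPO))
    print(dangling_requisites(SLS_DOT))
    print(missing_top_entries(TOP, {"apache"}))
```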
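Special reminders / warnings
- Python 2.6 on CentOS 6.10 has all kinds of pitfalls. It is recommended to sidestep them by installing salt-master directly on CentOS 7.5 and using the master on CentOS 7.5 to manage the minions on CentOS 6.10.
```bash
yum -y install salt-master
```
- Stop the firewall on CentOS 7.5:
```bash
systemctl stop firewalld.service
```
- Check the firewall state:
```bash
firewall-cmd --state
```
- Start the master service:
```bash
systemctl start salt-master
```
- Start at boot:
```bash
systemctl enable salt-master
```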
[root@localhost utils]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
192.168.3.245
Rejected Keys:
[root@localhost utils]# salt-key -a '*'
The following keys are going to be accepted:
Unaccepted Keys:
192.168.3.245
Proceed? [n/Y] y
Key for minion 192.168.3.245 accepted.
[root@localhost utils]#
[root@localhost utils]# salt-key -L
Accepted Keys:
192.168.3.245
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@localhost utils]#
[root@localhost utils]# salt '*' test.ping
192.168.3.245:
True
[root@localhost utils]#
[root@localhost utils]# salt '*' cmd.run 'whoami'
192.168.3.245:
root
[root@localhost utils]# salt '*' cmd.run 'uname -a'
192.168.3.245:
Linux localhost.localdomain 2.6.32-754.el6.x86_64 #1 SMP Tue Jun 19 21:26:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost utils]# salt '*' cmd.run 'ifconfig'
192.168.3.245:
eth0 Link encap:Ethernet HWaddr 00:0C:29:E4:95:70
inet addr:192.168.3.245 Bcast:192.168.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fee4:9570/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:839289 errors:47 dropped:203 overruns:0 frame:0
TX packets:302427 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:970882269 (925.9 MiB) TX bytes:36745108 (35.0 MiB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:111771 errors:0 dropped:0 overruns:0 frame:0
TX packets:111771 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13141871 (12.5 MiB) TX bytes:13141871 (12.5 MiB)
[root@localhost utils]#
Copy a directory to the minions:
```bash
salt '*' cp.get_dir salt://install /root/salt-install gzip=9 makedir=True
```