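Setting up SaltStack:
SaltStack is an infrastructure management tool that keeps inputs, outputs and configuration files consistent. All of its files use the YAML format, and it is mainly responsible for configuration management and remote execution.
Three main functions:
Remote command execution, configuration management, cloud management
SaltStack uses a one-master, multiple-minion structure.
server1 is the master; server3/4 are the minions.
First download the dependency packages; the dependencies can also be resolved one at a time during installation, but that is more tedious.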
[root@server1 salt]# ls
libyaml-0.1.3-4.el6.x86_64.rpm
pciutils-3.1.10-4.el6.x86_64.rpm
pciutils-libs-3.1.10-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-libcloud-0.20.0-1.el6.noarch.rpm
python-markupsafe-0.11-10.el6.x86_64.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
PyYAML-3.11-1.el6.x86_64.rpm
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
yum-3.2.29-60.el6.noarch.rpm
yum-utils-1.1.30-30.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm
[root@server2 salt]#
Once the dependencies are resolved, installation can begin.
Install the master
[root@server1 salt]# ls |wc -l
31
[root@server1 salt]# yum install -y *
Install the minion
Before installing the minion, delete the master-related files; otherwise the minion cannot start.
[root@server3 salt]# ls |wc -l
27
[root@server3 salt]# yum install -y *
************
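Note: every modification must add two spaces; this is the required format, and an error is reported otherwise.
Modify the master configuration:
vim /etc/salt/master
Set interface to the master's own IP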
[root@server1 salt]# cat /etc/salt/master|grep 'interface'
# The address of the interface to bind to:
interface: 172.25.33.1
# the interface option must be adjusted, too. (For example: "interface: '::'")
# The port used by the communication interface. The ret (return) port is the
# interface used for the file server, authentication, job returns, etc.
# The publisher interface ZeroMQPubServerChannel
# masters' syndic interfaces.
# The example below enables minion foo.example.com to get 'network.interfaces' mine
# - network.interfaces
Modify the minion configuration:
vim /etc/salt/minion
Set master to the master's IP
[root@server3 salt]# cat /etc/salt/minion|grep '^ master'
master: 172.25.33.1
#auto_accept: False  whether keys are accepted automatically.
Start the services. Start the master service.
[root@server1 salt]# service salt-master start
Starting salt-master daemon: [ OK ]
Start the minion service
[root@server3 salt]# service salt-minion start
Starting salt-minion:root:server3.example.com daemon: OK
At this point the minion list can be viewed on the master
[root@server1 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server3.example.com
Rejected Keys:
On its first start, the minion generates its key files in /etc/salt/pki/minion (the location can be set in /etc/salt/minion) and sends minion.pub to the master at startup.
total 12
-rw-r--r-- 1 root root 450 Mar 13 11:09 minion_master.pub
-r-------- 1 root root 1674 Mar 13 10:59 minion.pem
-rw-r--r-- 1 root root 450 Mar 13 10:59 minion.pub
After the master receives the minion's public key, it accepts that key with the salt-key command; from then on it can send commands to the minion.
Accept all keys
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server3.example.com
Proceed? [n/Y] Y
Key for minion server3.example.com accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server3.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
-a: accept, -A: accept-all, -d: delete, -D: delete-all. The salt-key command can be used to view the clients whose keys have already been signed.
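An inventory-gated alternative to accepting every pending key with salt-key -A, shown as an added example that is not part of the original post: it parses the salt-key -L listing shown above and only proposes salt-key -a for ids that are expected to enrol. The function names, the inventory and the id server9.example.com are hypothetical, and the sample listing is constructed.

```python
# Added example: gate key acceptance on an inventory instead of `salt-key -A`.
SECTIONS = ("Accepted Keys:", "Denied Keys:", "Unaccepted Keys:", "Rejected Keys:")


def parse_key_listing(text):
    """Parse `salt-key -L` output into {section name: [minion ids]}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line.rstrip(":")
            keys[current] = []
        elif current is not None:
            keys[current].append(line)
    return keys


def plan_acceptance(text, inventory):
    """Split pending minion ids into (to_accept, to_review)."""
    pending = parse_key_listing(text).get("Unaccepted Keys", [])
    to_accept = [m for m in pending if m in inventory]
    to_review = [m for m in pending if m not in inventory]
    return to_accept, to_review


# Constructed sample: the listing from this page plus one id nobody provisioned.
SAMPLE_LISTING = """\
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server3.example.com
server9.example.com
Rejected Keys:
"""
# Hypothetical inventory of hosts that are supposed to enrol.
INVENTORY = {"server3.example.com", "server4.example.com"}

if __name__ == "__main__":
    accept, review = plan_acceptance(SAMPLE_LISTING, INVENTORY)
    for minion_id in accept:
        # Compare `salt-key -f <id>` on the master with
        # `salt-call --local key.finger` on the minion before running this.
        print("salt-key -a", minion_id)
    for minion_id in review:
        print("# not in inventory, leave pending:", minion_id)
```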
Send a test to the minion:
[root@server1 salt]# salt '*' test.ping
server3.example.com:
True
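At this point the simple SaltStack setup is complete.
After it starts, the SaltStack master listens on ports 4505 and 4506 by default. 4505 is Salt's message publishing port; 4506 is the communication port between the master and the minions.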
[root@server3 salt]# netstat -antlp |grep 4505
tcp 0 0 172.25.33.3:42094 172.25.33.1:4505 ESTABLISHED 1485/python2.6
[root@server3 salt]# netstat -antlp |grep 4506
[root@server3 salt]#
[root@server1 salt]# netstat -antlp |grep 4505
tcp 0 0 172.25.33.1:4505 0.0.0.0:* LISTEN 1101/python2.6
tcp 0 0 172.25.33.1:4505 172.25.33.3:42094 ESTABLISHED 1101/python2.6
[root@server1 salt]# netstat -antlp |grep 4506
tcp 0 0 172.25.33.1:4506 0.0.0.0:* LISTEN 1108/python2.6
Check the minion's disk usage:
[root@server1 salt]# salt '*' disk.usage
server3.example.com:
----------
/:
----------
1K-blocks:
19134332
available:
15249116
capacity:
17%
filesystem:
/dev/mapper/VolGroup-lv_root
used:
2913236
/boot:
----------
1K-blocks:
495844
available:
436777
capacity:
8%
filesystem:
/dev/vda1
used:
33467
/dev/shm:
----------
1K-blocks:
251136
available:
251120
capacity:
1%
filesystem:
tmpfs
used:
16
[root@server1 salt]#
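View a file on the minion.
[root@server1 salt]# salt '*' cmd.run "cat /etc/passwd" // * is the minion id, which can be set with the id option in the minion config; regular-expression matching is also supported.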
server3.example.com:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/no
Minions can also be grouped in the master configuration file:
##### Node Groups ######
##########################################
# Node groups allow for logical groupings of minion nodes. A group consists of
# a group name and a compound target. Nodgroups can reference other nodegroups
# with 'N@' classifier. Ensure that you do not have circular references.
#
#nodegroups:
#  group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
#  group2: 'G@os:Debian and foo.domain.com'
#  group3: 'G@os:Debian and N@group1'
Configuration management: Apache
[root@server1 salt]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt/
The /srv/salt/ directory does not exist on the system and has to be created manually.
[root@server1 salt]# mkdir /srv/salt
[root@server1 salt]# cd /srv/salt/
[root@server1 salt]# ls
[root@server1 salt]# vim /etc/salt/master
[root@server1 salt]# ls
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# vim top.sls
[root@server1 salt]# vim apache.sls
[root@server1 salt]# cat top.sls
base:
'server3.example.com'
-apache
[root@server1 salt]# cat apache.sls
apache-service:
pkg.instlled:
-names:// for a single service, -name:httpd can be used
-httpd
-httpd-devel
service running:
-name:httpd
-enable:Ture
[root@server1 salt]# service salt-master restart
Stopping salt-master daemon: [FAILED]// cause of the error: format error, the two spaces were left out
Starting salt-master daemon: [ OK ]
Run the command:
[root@server1 salt]# salt 'server3.example.com' state.highstate
server3.example.com:
----------
ID: states
Function: no.None
Result: False
Comment: No Top file or external nodes data matches found.
Changes:
Summary for server3.example.com
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
ERROR: Minions returned with non-zero exit code
[root@server1 salt]# tree /srv/salt/
/srv/salt/
├── apache.sls
└── top.sls
0 directories, 2 files
[root@server1 salt]# cat apache.sls
apache-service:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd
    - enable: True
[root@server1 salt]# cat top.sls
base:
  '*':
    - apache
[root@server1 ~]# salt 'server3.example.com' state.highstate
server3.example.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 17:20:56.277491
Duration: 10208.904 ms
Changes:
----------
httpd:
----------
new:
2.2.15-29.el6_4
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 17:21:06.493284
Duration: 322.954 ms
Changes:
----------
httpd:
True
Summary for server3.example.com
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 10.532 s
[root@server3 ~]# service httpd status
httpd (pid 2055) is running...
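The spacing rules behind the failed first attempt above, as an added example (not code from the original post): a standard-library-only checker that flags a missing space after '-' or ':', odd indentation, tabs and a target line without ':'. check_sls and the sample names are hypothetical; the BROKEN samples are constructed from the page's first top.sls and apache.sls with only their spacing errors kept, and FIXED is the corrected apache.sls.

```python
import re

KEY_NO_SPACE = re.compile(r"^[\w.\-]+:(?!//)\S")  # key:value with no space


def check_sls(text):
    """Return (line number, problem) pairs for spacing slips in an SLS file."""
    problems = []
    for num, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#") or body == "---":
            continue
        if "\t" in raw:
            problems.append((num, "tab character"))
        indent = len(raw) - len(raw.lstrip(" "))
        if indent % 2:
            problems.append((num, "indent is not a multiple of two spaces"))
        item = body
        if body.startswith("-"):
            if not body.startswith("- "):
                problems.append((num, "no space after '-'"))
            item = body[1:].strip()
        elif ":" not in body:
            problems.append((num, "mapping key without ':'"))
        if KEY_NO_SPACE.match(item):
            problems.append((num, "no space after ':'"))
    return problems


# Constructed samples (see the lead-in).
BROKEN_TOP = "base:\n  'server3.example.com'\n    -apache\n"
BROKEN_APACHE = """\
apache-service:
  pkg.installed:
    -names:
      -httpd
      -httpd-devel
  service.running:
    -name:httpd
    -enable:True
"""
FIXED_APACHE = """\
apache-service:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd
    - enable: True
"""

if __name__ == "__main__":
    for name, text in (("top.sls", BROKEN_TOP), ("apache.sls", BROKEN_APACHE)):
        for num, problem in check_sls(text):
            print("%s:%d: %s" % (name, num, problem))
```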