CentOS6.5部署SaltStack

目 錄
什麼是saltstack?
Saltstack是一個服務器基礎架構集中化管理平臺,具備配置管理、遠程執行、監控等功能,一般可以理解成簡化版的puppet和加強版的func。SaltStack基於Python語言實現,結合輕量級消息隊列(ZeroMQ)與Python第三方模塊(Pyzmq、PyCrypto、pyjinja2、python-msgpack和PyYAML等)構建。
  
Saltstack具有以下特點:

  • 部署簡單、方便
  • 支持大部分UNIX/Linux及Windows環境
  • 主從集中化管理
  • 配置簡單、功能強大、擴展性強
  • 主控端(Master)和被控制端(minion)基於證書認證,安全可靠
  • 支持API及自定義模塊,可通過Python輕鬆擴展

參考文檔:
項目地址: https://github.com/saltstack/salt
官網地址: http://www.saltstack.com
官方文檔: http://docs.saltstack.com OR http://docs.saltstack.cn
開發語言: Python
運行模式: C/S

一、環境介紹

HostName IP Service
Master 192.168.179.100 salt-master
Minion 192.168.179.101 salt-minion


基本術語

說明
master 控制中心,salt命令運行和資源狀態管理端
minion 需要管理的客戶端機器,會主動連接master端,並從master端得到資源狀態信息,同步資源管理信息
states 配置管理的指令集
grains minion端的靜態變量
pillar minion端的動態變量
highstate 給minion永久添加狀態,從sls配置文件讀取
salt schedule 自動保持客戶端配置


二、安裝前準備(所有機器都需要執行)


2.1 添加Host

        # echo -e "192.168.179.100 master\n192.168.179.101 minion-1" >> /etc/hosts


2.2 關閉防火牆(測試環境的做法;若要保留防火牆,只需在Master上放行minion連入的TCP 4505和4506端口)

         # service iptables stop
         # chkconfig iptables off


2.3 關閉SELinux(修改配置文件後要重啓才會真正變成disabled;setenforce 0只是把當前運行的系統切換到Permissive模式)

        #  sed -i 's/SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
        #  setenforce 0


2.4 安裝SaltStack的yum源

         #  yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm
         #  yum clean expire-cache


三、安裝SaltStack


Master安裝


3.1 設置hostname

        #  sed -i 's/HOSTNAME=.*$/HOSTNAME=master/g' /etc/sysconfig/network


3.2 安裝Salt-master

        # yum -y install salt-master


3.3 配置salt-master

         # cp /etc/salt/master /etc/salt/master-example
         # sed -i 's/#interface/interface/g' /etc/salt/master
         # egrep -v "^#|^$" /etc/salt/master


3.4 配置安全認證

查看當前

        #  salt-key -L
        Accepted Keys:
        Denied Keys:
        Unaccepted Keys:
        Rejected Keys:


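接收所有key(-A會一次接受全部待審核的key;此時minion尚未安裝,列表爲空。minion啓動後需回到master再執行一次,建議先用 salt-key -f <minion-id> 覈對指紋,再用 salt-key -a <minion-id> 逐個接受)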

        #  salt-key -A


3.5 啓動salt-master

         #  service salt-master start
         # chkconfig salt-master on

查看是否啓動成功

         # cat /var/run/salt-master.pid


Minion安裝


3.6 設置hostname

        # sed -i 's/HOSTNAME=.*$/HOSTNAME=minion-1/g' /etc/sysconfig/network


3.7 安裝Salt-minion

        # yum -y install salt-minion


3.8 配置Salt-minion

         # cp /etc/salt/minion /etc/salt/minion-example
         # sed -i 's/#master: salt/master: master/g' /etc/salt/minion


3.9 啓動Salt-minion

         # service salt-minion start
         # chkconfig salt-minion on


四、測試


在master機器上執行

測試ping

    # salt '*' test.ping
    minion-1:
    True


測試運行一個df -h

    #  salt '*' cmd.run 'df -h'
    minion-1:
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/vg_centos6-lv_root
                           18G  1.7G   15G  11% /
    tmpfs                 490M   12K  490M   1% /dev/shm
    /dev/sda1             477M   63M  389M  14% /boot


五、自動腳本,可以參考下:

    # cat /export/zlyang/autoSaltStackInstall.sh

    #!/bin/bash
################################################
#                                              #
#        author: Zlyang by 2019-08-28          #
#   description: Auto Install SaltStack        #
#                                              #
################################################
# Timestamp written at the top of the install log (YYYY-MM-DD HH:MM:SS).
INSTALL_TIME=$(date '+%F %T')
# The log file is created in whatever directory the script is launched from.
CURRENTDIR=$(pwd)
LOGFILE="${CURRENTDIR}/salt_install.log"
# Initial values for the two yes/no questions asked during preparation.
# Note: stop_iptables reads its answer into ISCLOSEFIREWALL, so the doubled
# name below is not read anywhere in this script.
ISCLOSEFIREWALLFIREWALL="yes"
ISCLOSESELINUX="yes"
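#######################################
# Entry point of the installer: reset the log, remind the operator to fill
# in /etc/hosts, then run the preparation and installation steps in order.
# Globals:   LOGFILE (written), INSTALL_TIME (read)
# Outputs:   progress text on stdout; selected lines are appended to LOGFILE
# Note:      the steps called from here may end the script through exit.
#######################################
ready(){
    # Start every run with an empty log. LOGFILE is quoted throughout so a
    # working directory whose path contains spaces does not break the
    # redirections.
    : > "${LOGFILE}"
    # The timestamp is passed as an argument rather than spliced into the
    # format string, so its content is never interpreted by printf.
    printf "安裝日期:%s\n" "${INSTALL_TIME}" >> "${LOGFILE}"
    printf "\n"
    printf "\033[31m 請手動配置Host項,手動添加所有節點的主機名與IP對應,格式如下:\033[0m \n"
    printf "\033[31m %-12s %-10s \033[0m \n" 192.168.1.1 master
    printf "\033[31m *\n *\n \033[0m"
    printf "\n"
    printf "開始準備工作: \n" |tee -a "${LOGFILE}"
    # Both preparation steps lower host hardening (packet filter, SELinux);
    # each one asks the operator before changing anything.
    stop_iptables
    close_selinux
    printf "\n開始安裝SaltStack Repo源:\n" |tee -a "${LOGFILE}"
    install_salt_repo
    printf "\n開始安裝SaltStack:\n"|tee -a "${LOGFILE}"
    install_salt
}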
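#######################################
# Ask whether the iptables service should be stopped and act on the answer.
# Globals:   ISCLOSEFIREWALL (written), LOGFILE (appended to)
# Outputs:   prompt and result lines on stdout
# Returns:   0 when the firewall was handled or deliberately kept;
#            exits 1 on an unrecognised answer
#
# Security note: stopping iptables removes all packet filtering on the
# host. The Salt master only needs inbound TCP 4505 and 4506, so keeping
# the firewall and opening those two ports is the narrower choice.
#######################################
stop_iptables(){
    printf "\033[31m \n(建議關閉防火牆,以免在安裝時遇到不必要的麻煩!如果不關閉請手動開放\033[31m 4505 \033[0m和\033[31m 4506 \033[0m端口)\n \033[0m"
    printf "請選擇是否關閉防火牆:\n"
    read -r -p "[yes/no] :" ISCLOSEFIREWALL
    case "${ISCLOSEFIREWALL}" in
        Y|y|yes|YES)
            # ">/dev/null 2>&1" silences both streams; the original order
            # ("2>&1 >>/dev/null") left stderr on the terminal.
            if /etc/init.d/iptables stop >/dev/null 2>&1; then
                printf "\t防火牆停止......[\033[32m 成功 \033[0m ]\n"|tee -a "${LOGFILE}"
            else
                # Previously a failed stop was silent; report it and carry on.
                printf "\t防火牆停止......[\033[31m 失敗 \033[0m ]\n"|tee -a "${LOGFILE}"
            fi
        ;;
        n|N|no|NO)
            # Keeping the firewall is a supported choice (the prompt says to
            # open the ports by hand), so continue instead of aborting; with
            # the old "exit 1" an install with the firewall left on could
            # never complete. This matches how close_selinux treats "no".
            printf "\033[31m \t您未關閉防火牆,請手動開放 4505 和 4506 端口\033[0m\n"|tee -a "${LOGFILE}"
            return 0
        ;;
        *)
            printf "\033[31m \t您未關閉防火牆,請手動開放 4505 和 4506 端口\033[0m\n"|tee -a "${LOGFILE}"
            exit 1
        ;;
    esac
}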

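#######################################
# Print (and log) the three-line notice shown whenever SELinux is left in
# its current state.
# Globals:   LOGFILE (appended to)
#######################################
_selinux_left_enabled_notice(){
    printf "\t\033[31m 您沒有停止SELinux,請手動停止並重啓機器:\"setenforce 0 && reboot \"\n"|tee -a "${LOGFILE}"
    printf "\t\033[31m 或\n"|tee -a "${LOGFILE}"
    printf "\033[31m \t您未關閉SELinux,請手動開放SaltStack所需要的權限!\033[0m\n"|tee -a "${LOGFILE}"
}

#######################################
# Ask whether SELinux should be switched off and act on the answer.
# Globals:   ISCLOSESELINUX (written), LOGFILE (appended to)
# Outputs:   prompt and result lines on stdout
# Returns:   0; declining or an unrecognised answer only prints the notice
#
# Security note: on "yes" the config file is set to SELINUX=disabled, which
# applies from the next boot, and the running system is moved to permissive
# with "setenforce 0". Both remove mandatory access control from the host;
# the alternative the notice refers to is granting Salt the permissions it
# needs and leaving SELinux enforcing.
#######################################
close_selinux(){
    printf "\033[31m \n(建議關閉SELinux,如果不關閉請手動開放SaltStack所需要的權限)\n \033[0m"
    printf "請選擇是否關閉SELinux:\n"
    read -r -p "[yes/no] :" ISCLOSESELINUX
    case "${ISCLOSESELINUX}" in
        Y|y|yes|YES)
            # Anchored so that only the setting itself is rewritten, not
            # comment lines that happen to contain "SELINUX=".
            sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
            case "$(getenforce)" in
                Disabled)
                    printf "\tSELinux 已經停止\n"|tee -a "${LOGFILE}"
                ;;
                Permissive)
                    # Already not enforcing; previously this state fell
                    # through to the "not stopped" notice.
                    printf "\tSELinux 已處於Permissive模式\n"|tee -a "${LOGFILE}"
                ;;
                Enforcing)
                    if setenforce 0; then
                        printf "\tSELinux 停止......[\033[32m 成功 \033[0m ]\n"|tee -a "${LOGFILE}"
                    else
                        # A failed switch used to pass silently.
                        _selinux_left_enabled_notice
                    fi
                ;;
                *)
                    _selinux_left_enabled_notice
                ;;
            esac
        ;;
        *)
            # "no" and any unrecognised answer are handled the same way.
            _selinux_left_enabled_notice
        ;;
    esac
}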

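#######################################
# Install the SaltStack yum repository package unless it is already present.
# Globals:   LOGFILE (appended to)
# Outputs:   one result line on stdout; yum output goes to LOGFILE only
# Returns:   0 on success or when already installed; exits 1 if yum fails
#
# NOTE(review): the release package is fetched by URL and installed
# unattended (-y), and "latest" is not a pinned version. Whether its
# signature is checked depends on the host's yum configuration - confirm
# before using this outside a lab. Also confirm the URL is still served.
#######################################
install_salt_repo(){
    local -r repo_pkg='salt-repo-latest-2.el6.noarch'
    local -r repo_url="https://repo.saltstack.com/yum/redhat/${repo_pkg}.rpm"

    # -F: match the package name literally (the dots are not wildcards).
    if rpm -qa | grep -qF -- "${repo_pkg}"; then
        printf "\t您已經安裝salt-repo,無需重新安裝!\n"|tee -a "${LOGFILE}"
        return 0
    fi

    # ">> file 2>&1" sends both streams to the log; the original order
    # ("2>&1 >> file") left yum's error output out of the log.
    if yum -y install "${repo_url}" >> "${LOGFILE}" 2>&1; then
        printf "\tsalt-repo安裝......[\033[32m 成功 \033[0m ]\n"|tee -a "${LOGFILE}"
    else
        printf "\tsalt-repo安裝......[\033[31m 失敗 \033[0m ]\n"|tee -a "${LOGFILE}"
        exit 1
    fi
}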
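#######################################
# Report whether a pid file exists and is non-empty.
# This shows only that a pid was written, not that the process is alive.
# Arguments: $1 - path to the pid file
# Returns:   0 if a pid was read, 1 otherwise
#######################################
_salt_has_pid(){
    local pid=""
    [[ -r "$1" ]] && pid=$(<"$1")
    [[ -n "${pid}" ]]
}

#######################################
# Ask whether a service should start at boot and apply the answer.
# The prompt times out after 5 seconds; a timeout or any answer other than
# "no" enables the service, as the on-screen hint states.
# Globals:   LOGFILE (appended to)
# Arguments: $1 - init service name (salt-master or salt-minion)
#            $2 - label printed in the success line
#######################################
_salt_enable_on_boot(){
    local service=$1 label=$2 answer=""
    printf "\t是否設置開機啓動:\n"
    printf "\t(默認設置:Yes)\n"
    read -r -t 5 -p "[yes/no]:" answer
    case "${answer}" in
        n|N|no|NO)
            printf "\t您未設置服務開機默認啓動,請手動設置:\"chkconfig %s on\" \n" "${service}"
        ;;
        *)
            chkconfig "${service}" on
            printf "\n \t %s.......[\033[32m 成功 \033[0m ]\n" "${label}" |tee -a "${LOGFILE}"
        ;;
    esac
}

#######################################
# Print the closing progress marks and the success banner, then exit 0.
# Arguments: $1 - role name inserted into the banner
#######################################
_salt_finish(){
    local role=$1 i
    for ((i = 0; i < 6; i++)); do
        printf "* \n"
        sleep 0.8
    done
    printf "\n \033[32m 恭喜您!SaltStack %s已經安裝成功!\033[0m \n" "${role}"
    exit 0
}

#######################################
# Install, configure and start salt-master. Always ends the script:
# exit 0 on success, exit 1 on any failure.
# Globals:   LOGFILE (appended to)
#######################################
_install_salt_master(){
    local -r config_file="/etc/salt/master"
    local yum_status
    printf "\t開始安裝 Salt-Master:\n" |tee -a "${LOGFILE}"
    yum -y install salt-master |tee -a "${LOGFILE}"
    # $? after a pipeline is tee's status; PIPESTATUS[0] is yum's. Testing
    # $? let a failed install pass as a success.
    yum_status=${PIPESTATUS[0]}
    if [[ ${yum_status} -ne 0 ]]; then
        printf "\t 服務端:salt-master安裝......[\033[31m 失敗 \033[0m ]\n" |tee -a "${LOGFILE}"
        exit 1
    fi
    if [[ ! -f "${config_file}" ]]; then
        printf "\t \033[31m 服務端未正確安裝,請重新安裝!\033[0m \n"
        exit 1
    fi
    printf "\t 服務端:Salt-Master安裝......[\033[32m 成功 \033[0m ]\n" |tee -a "${LOGFILE}"
    printf "\t \n開始配置:\n" |tee -a "${LOGFILE}"
    # Keep the first pristine copy; a re-run must not overwrite it with an
    # already edited file.
    [[ -e "${config_file}-example" ]] || cp -p -- "${config_file}" "${config_file}-example"
    # Uncomments every "#interface" occurrence. NOTE(review): presumably
    # this enables the stock listen-address line - check the resulting value
    # and bind to the management address only if the host has several.
    sed -i 's/#interface/interface/g' "${config_file}"
    printf "#################################\n" |tee -a "${LOGFILE}"
    grep -Ev '^#|^$' "${config_file}" |tee -a "${LOGFILE}"
    printf "#################################\n" |tee -a "${LOGFILE}"
    printf "\n 配置安全認證:\n" |tee -a "${LOGFILE}"
    printf "\n \033[31m (默認允許所有Pending的公鑰;)\033[0m\n" |tee -a "${LOGFILE}"
    # SECURITY: -A accepts every pending minion key without looking at it,
    # and an accepted minion is trusted by the master. Kept as written, but
    # the safer routine is to compare fingerprints (salt-key -f <minion-id>
    # against the value shown on the minion) and accept keys one by one
    # with salt-key -a <minion-id>.
    salt-key -A && salt-key -L
    printf "\n 安全認證配置.......[ \033[32m 成功 \033[0m ]\n" |tee -a "${LOGFILE}"
    printf "\n 開始啓動 Salt-Master\n" |tee -a "${LOGFILE}"
    service salt-master start
    if ! _salt_has_pid /var/run/salt-master.pid; then
        printf "\n \t Salt-Master啓動.......[\033[31m 失敗 \033[0m ]\n" |tee -a "${LOGFILE}"
        # The original fell through here and returned success; the minion
        # branch already exits 1 in the same situation.
        exit 1
    fi
    printf "\n \t Salt-Master啓動.......[\033[32m 成功 \033[0m ]\n" |tee -a "${LOGFILE}"
    _salt_enable_on_boot salt-master "Salt-Master開機默認啓動設置"
    _salt_finish "服務器端"
}

#######################################
# Install, configure and start salt-minion. Always ends the script:
# exit 0 on success, exit 1 on any failure.
# Globals:   LOGFILE (appended to)
#######################################
_install_salt_minion(){
    local -r config_file="/etc/salt/minion"
    # Characters allowed in the master address typed by the operator.
    local -r addr_re='^[A-Za-z0-9._-]+$'
    local server_ip=""
    printf "\t開始安裝 Salt-Minion:\n" |tee -a "${LOGFILE}"
    if ! yum -y install salt-minion; then
        printf "\t 客戶端:Salt-Minion安裝......[\033[31m 失敗 \033[0m ]\n" |tee -a "${LOGFILE}"
        exit 1
    fi
    if [[ ! -f "${config_file}" ]]; then
        printf "\t 客戶端:Salt-Minion安裝......[\033[31m 失敗 \033[0m ]\n" |tee -a "${LOGFILE}"
        exit 1
    fi
    printf "\t 客戶端:Salt-Minion安裝......[\033[32m 成功 \033[0m ]\n" |tee -a "${LOGFILE}"
    printf "\t \n開始配置:\n" |tee -a "${LOGFILE}"
    [[ -e "${config_file}-example" ]] || cp -p -- "${config_file}" "${config_file}-example"
    read -r -p "請輸入Salt-Master服務器IP地址:" server_ip
    # The answer is spliced into a sed expression below, so anything other
    # than address/hostname characters (for example "/" or "&") is refused
    # instead of being allowed to alter the expression.
    if [[ ! "${server_ip}" =~ ${addr_re} ]]; then
        printf "\t \033[31m Salt-Master服務器地址格式不正確!\033[0m \n" |tee -a "${LOGFILE}"
        exit 1
    fi
    sed -i "s/#master: salt/master: ${server_ip}/g" "${config_file}"
    printf "#################################\n" |tee -a "${LOGFILE}"
    grep -Ev '^#|^$' "${config_file}" |tee -a "${LOGFILE}"
    printf "#################################\n" |tee -a "${LOGFILE}"
    service salt-minion start
    if ! _salt_has_pid /var/run/salt-minion.pid; then
        printf "\n \t Salt-Minion啓動.......[\033[31m 失敗 \033[0m ]\n" |tee -a "${LOGFILE}"
        exit 1
    fi
    printf "\n \t Salt-Minion啓動.......[\033[32m 成功 \033[0m ]\n" |tee -a "${LOGFILE}"
    _salt_enable_on_boot salt-minion "Salt-Minion啓動"
    _salt_finish "客戶端"
}

#######################################
# Show the role menu and run the chosen installation.
# Globals:   LOGFILE (appended to)
# Outputs:   menu and progress text on stdout
# Returns:   does not return normally; every branch ends in exit
#            (0 on success or quit, 1 on failure or when stdin is closed)
#######################################
install_salt(){
    local choice=""
    printf "\n請選擇需要安裝的系統:\n\t1:Salt-Master(Server端) \n\t2:Salt-Minion(Client端) \n\n\tq:退出\n 請選擇:"
    # With stdin closed the original re-displayed the menu forever; stop
    # instead when nothing at all could be read.
    if ! read -r choice && [[ -z "${choice}" ]]; then
        exit 1
    fi
    case "${choice}" in
        1)
            _install_salt_master
        ;;
        2)
            _install_salt_minion
        ;;
        q|Q|quit|exit)
            exit 0
        ;;
        *)
            # Unrecognised answer: show the menu again.
            install_salt
        ;;
    esac
}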

# Script entry: run the interactive installer defined by ready().
ready

注: 到此所有的部署均已經完成,在此搭建過程中遇到任何問題可以發送郵件至:[email protected]
