自動化運維
1.自動化運維工具
Puppet (www.puppetlabs.com)基於rubby開發,c/s架構,支持多平臺,可管理配置文件、用戶、cron任務、軟件包、系統服務等。 分爲社區版(免費)和企業版(收費),企業版支持圖形化配置。
Saltstack(官網 https://saltstack.com,文檔 docs.saltstack.com )基於python開發,c/s架構,支持多平臺,比puppet輕量,在遠程執行命令時非常快捷,配置和使用比puppet容易,能實現puppet幾乎所有的功能。
Ansible (www.ansible.com )更加簡潔的自動化運維工具,不需要在客戶端上安裝agent,基於python開發。可以實現批量操作系統配置、批量程序的部署、批量運行命令。
2.salt安裝
192.168.174.128作爲主控端,需要安裝salt-master salt-minion;
192.168.174.129作爲被控端,需要安裝salt-minion;
192.168.174.139作爲被控端,需要安裝salt-minion。
注:salt的安裝源是在epel上,若沒有安裝epel源,需要安裝此源
[root@linux-001 ~]# yum install -y salt-master salt-minion
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.3 kB 00:00:00
* base: mirrors.cn99.com
* epel: mirrors.aliyun.com
* extras: mirrors.163.com
* updates: mirrors.163.com
base | 3.6 kB 00:00:00
epel | 5.4 kB 00:00:00
extras | 3.4 kB 00:00:00
mongodb-org-4.0 | 2.5 kB 00:00:00
updates | 3.4 kB 00:00:00
zabbix | 2.9 kB 00:00:00
zabbix-non-supported | 951 B 00:00:00
(1/2): epel/x86_64/updateinfo | 993 kB 00:00:05
(2/2): epel/x86_64/primary_db | 6.8 MB 00:00:07
正在解決依賴關係
--> 正在檢查事務
---> 軟件包 salt-master.noarch.0.2015.5.10-2.el7 將被 安裝
--> 正在處理依賴關係 salt = 2015.5.10-2.el7,它被軟件包 salt-master-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 systemd-python,它被軟件包 salt-master-2015.5.10-2.el7.noarch 需要
---> 軟件包 salt-minion.noarch.0.2015.5.10-2.el7 將被 安裝
--> 正在檢查事務
---> 軟件包 salt.noarch.0.2015.5.10-2.el7 將被 安裝
--> 正在處理依賴關係 PyYAML,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 m2crypto,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-crypto,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-jinja2,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-msgpack,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-requests,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-zmq,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
---> 軟件包 systemd-python.x86_64.0.219-62.el7_6.7 將被 安裝
--> 正在處理依賴關係 systemd-libs = 219-62.el7_6.7,它被軟件包 systemd-python-219-62.el7_6.7.x86_64 需要
--> 正在處理依賴關係 systemd = 219-62.el7_6.7,它被軟件包 systemd-python-219-62.el7_6.7.x86_64 需要
--> 正在檢查事務
---> 軟件包 PyYAML.x86_64.0.3.10-11.el7 將被 安裝
--> 正在處理依賴關係 libyaml-0.so.2()(64bit),它被軟件包 PyYAML-3.10-11.el7.x86_64 需要
---> 軟件包 m2crypto.x86_64.0.0.21.1-17.el7 將被 安裝
---> 軟件包 python-jinja2.noarch.0.2.7.2-3.el7_6 將被 安裝
--> 正在處理依賴關係 python-babel >= 0.8,它被軟件包 python-jinja2-2.7.2-3.el7_6.noarch 需要
--> 正在處理依賴關係 python-markupsafe,它被軟件包 python-jinja2-2.7.2-3.el7_6.noarch 需要
---> 軟件包 python-requests.noarch.0.2.6.0-1.el7_1 將被 安裝
--> 正在處理依賴關係 python-urllib3 >= 1.10.2-1,它被軟件包 python-requests-2.6.0-1.el7_1.noarch 需要
---> 軟件包 python2-crypto.x86_64.0.2.6.1-16.el7 將被 安裝
--> 正在處理依賴關係 libtomcrypt.so.0()(64bit),它被軟件包 python2-crypto-2.6.1-16.el7.x86_64 需要
---> 軟件包 python2-msgpack.x86_64.0.0.5.6-5.el7 將被 安裝
---> 軟件包 python2-zmq.x86_64.0.14.7.0-8.el7 將被 安裝
--> 正在處理依賴關係 libzmq.so.5()(64bit),它被軟件包 python2-zmq-14.7.0-8.el7.x86_64 需要
---> 軟件包 systemd.x86_64.0.219-62.el7 將被 升級
--> 正在處理依賴關係 systemd = 219-62.el7,它被軟件包 systemd-sysv-219-62.el7.x86_64 需要
---> 軟件包 systemd.x86_64.0.219-62.el7_6.7 將被 更新
---> 軟件包 systemd-libs.x86_64.0.219-62.el7 將被 升級
---> 軟件包 systemd-libs.x86_64.0.219-62.el7_6.7 將被 更新
--> 正在檢查事務
---> 軟件包 libtomcrypt.x86_64.0.1.17-26.el7 將被 安裝
--> 正在處理依賴關係 libtommath >= 0.42.0,它被軟件包 libtomcrypt-1.17-26.el7.x86_64 需要
--> 正在處理依賴關係 libtommath.so.0()(64bit),它被軟件包 libtomcrypt-1.17-26.el7.x86_64 需要
---> 軟件包 libyaml.x86_64.0.0.1.4-11.el7_0 將被 安裝
---> 軟件包 python-babel.noarch.0.0.9.6-8.el7 將被 安裝
---> 軟件包 python-markupsafe.x86_64.0.0.11-10.el7 將被 安裝
---> 軟件包 python-urllib3.noarch.0.1.10.2-5.el7 將被 安裝
--> 正在處理依賴關係 python-six,它被軟件包 python-urllib3-1.10.2-5.el7.noarch 需要
--> 正在處理依賴關係 python-ipaddress,它被軟件包 python-urllib3-1.10.2-5.el7.noarch 需要
--> 正在處理依賴關係 python-backports-ssl_match_hostname,它被軟件包 python-urllib3-1.10.2-5.el7.noarch 需要
---> 軟件包 systemd-sysv.x86_64.0.219-62.el7 將被 升級
---> 軟件包 systemd-sysv.x86_64.0.219-62.el7_6.7 將被 更新
---> 軟件包 zeromq.x86_64.0.4.1.4-6.el7 將被 安裝
--> 正在處理依賴關係 libpgm-5.2.so.0()(64bit),它被軟件包 zeromq-4.1.4-6.el7.x86_64 需要
--> 正在處理依賴關係 libsodium.so.23()(64bit),它被軟件包 zeromq-4.1.4-6.el7.x86_64 需要
--> 正在檢查事務
---> 軟件包 libsodium.x86_64.0.1.0.18-1.el7 將被 安裝
---> 軟件包 libtommath.x86_64.0.0.42.0-6.el7 將被 安裝
---> 軟件包 openpgm.x86_64.0.5.2.122-2.el7 將被 安裝
---> 軟件包 python-backports-ssl_match_hostname.noarch.0.3.5.0.1-1.el7 將被 安裝
--> 正在處理依賴關係 python-backports,它被軟件包 python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 需要
---> 軟件包 python-ipaddress.noarch.0.1.0.16-2.el7 將被 安裝
---> 軟件包 python-six.noarch.0.1.9.0-2.el7 將被 安裝
--> 正在檢查事務
---> 軟件包 python-backports.x86_64.0.1.0-8.el7 將被 安裝
--> 解決依賴關係完成
依賴關係解決
===================================================================================================================================
Package 架構 版本 源 大小
===================================================================================================================================
正在安裝:
salt-master noarch 2015.5.10-2.el7 epel 1.0 M
salt-minion noarch 2015.5.10-2.el7 epel 26 k
爲依賴而安裝:
PyYAML x86_64 3.10-11.el7 base 153 k
libsodium x86_64 1.0.18-1.el7 epel 147 k
libtomcrypt x86_64 1.17-26.el7 extras 224 k
libtommath x86_64 0.42.0-6.el7 extras 36 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
m2crypto x86_64 0.21.1-17.el7 base 429 k
openpgm x86_64 5.2.122-2.el7 epel 171 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-backports x86_64 1.0-8.el7 base 5.8 k
python-backports-ssl_match_hostname noarch 3.5.0.1-1.el7 base 13 k
python-ipaddress noarch 1.0.16-2.el7 base 34 k
python-jinja2 noarch 2.7.2-3.el7_6 updates 518 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-requests noarch 2.6.0-1.el7_1 base 94 k
python-six noarch 1.9.0-2.el7 base 29 k
python-urllib3 noarch 1.10.2-5.el7 base 102 k
python2-crypto x86_64 2.6.1-16.el7 epel 477 k
python2-msgpack x86_64 0.5.6-5.el7 epel 64 k
python2-zmq x86_64 14.7.0-8.el7 epel 505 k
salt noarch 2015.5.10-2.el7 epel 4.1 M
systemd-python x86_64 219-62.el7_6.7 updates 133 k
zeromq x86_64 4.1.4-6.el7 epel 556 k
爲依賴而更新:
systemd x86_64 219-62.el7_6.7 updates 5.1 M
systemd-libs x86_64 219-62.el7_6.7 updates 407 k
systemd-sysv x86_64 219-62.el7_6.7 updates 84 k
事務概要
===================================================================================================================================
安裝 2 軟件包 (+22 依賴軟件包)
升級 ( 3 依賴軟件包)
總下載量:16 M
Downloading packages:
updates/7/x86_64/prestodelta | 829 kB 00:00:08
Delta RPMs reduced 5.5 M of updates to 2.0 M (63% saved)
(1/27): systemd-219-62.el7_219-62.el7_6.7.x86_64.drpm | 1.9 MB 00:00:05
(2/27): libsodium-1.0.18-1.el7.x86_64.rpm | 147 kB 00:00:05
(3/27): systemd-libs-219-62.el7_219-62.el7_6.7.x86_64.drpm | 144 kB 00:00:06
(4/27): libtomcrypt-1.17-26.el7.x86_64.rpm | 224 kB 00:00:05
(5/27): PyYAML-3.10-11.el7.x86_64.rpm | 153 kB 00:00:06
(6/27): openpgm-5.2.122-2.el7.x86_64.rpm | 171 kB 00:00:00
(7/27): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00
(8/27): python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch.rpm | 13 kB 00:00:00
(9/27): python-ipaddress-1.0.16-2.el7.noarch.rpm | 34 kB 00:00:00
(10/27): python-jinja2-2.7.2-3.el7_6.noarch.rpm | 518 kB 00:00:00
(11/27): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00
(12/27): python-requests-2.6.0-1.el7_1.noarch.rpm | 94 kB 00:00:00
(13/27): python-six-1.9.0-2.el7.noarch.rpm | 29 kB 00:00:00
(14/27): python-urllib3-1.10.2-5.el7.noarch.rpm | 102 kB 00:00:00
(15/27): python2-crypto-2.6.1-16.el7.x86_64.rpm | 477 kB 00:00:00
(16/27): python2-msgpack-0.5.6-5.el7.x86_64.rpm | 64 kB 00:00:00
(17/27): python2-zmq-14.7.0-8.el7.x86_64.rpm | 505 kB 00:00:00
(18/27): salt-2015.5.10-2.el7.noarch.rpm | 4.1 MB 00:00:00
(19/27): salt-master-2015.5.10-2.el7.noarch.rpm | 1.0 MB 00:00:00
(20/27): salt-minion-2015.5.10-2.el7.noarch.rpm | 26 kB 00:00:00
(21/27): systemd-python-219-62.el7_6.7.x86_64.rpm | 133 kB 00:00:00
(22/27): libtommath-0.42.0-6.el7.x86_64.rpm | 36 kB 00:00:05
(23/27): zeromq-4.1.4-6.el7.x86_64.rpm | 556 kB 00:00:00
(24/27): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:05
(25/27): systemd-sysv-219-62.el7_6.7.x86_64.rpm | 84 kB 00:00:03
(26/27): python-backports-1.0-8.el7.x86_64.rpm | 5.8 kB 00:00:05
(27/27): m2crypto-0.21.1-17.el7.x86_64.rpm | 429 kB 00:00:06
Finishing delta rebuilds of 1 package(s) (5.1 M)
-----------------------------------------------------------------------------------------------------------------------------------
總計 660 kB/s | 12 MB 00:00:18
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : python-ipaddress-1.0.16-2.el7.noarch 1/30
正在更新 : systemd-libs-219-62.el7_6.7.x86_64 2/30
正在更新 : systemd-219-62.el7_6.7.x86_64 3/30
正在安裝 : systemd-python-219-62.el7_6.7.x86_64 4/30
正在安裝 : libyaml-0.1.4-11.el7_0.x86_64 5/30
正在安裝 : PyYAML-3.10-11.el7.x86_64 6/30
正在安裝 : python-backports-1.0-8.el7.x86_64 7/30
正在安裝 : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 8/30
正在安裝 : libtommath-0.42.0-6.el7.x86_64 9/30
正在安裝 : libtomcrypt-1.17-26.el7.x86_64 10/30
正在安裝 : python2-crypto-2.6.1-16.el7.x86_64 11/30
正在安裝 : libsodium-1.0.18-1.el7.x86_64 12/30
正在安裝 : m2crypto-0.21.1-17.el7.x86_64 13/30
正在安裝 : python-six-1.9.0-2.el7.noarch 14/30
正在安裝 : python-urllib3-1.10.2-5.el7.noarch 15/30
正在安裝 : python-requests-2.6.0-1.el7_1.noarch 16/30
正在安裝 : python-babel-0.9.6-8.el7.noarch 17/30
正在安裝 : python2-msgpack-0.5.6-5.el7.x86_64 18/30
正在安裝 : openpgm-5.2.122-2.el7.x86_64 19/30
正在安裝 : zeromq-4.1.4-6.el7.x86_64 20/30
正在安裝 : python2-zmq-14.7.0-8.el7.x86_64 21/30
正在安裝 : python-markupsafe-0.11-10.el7.x86_64 22/30
正在安裝 : python-jinja2-2.7.2-3.el7_6.noarch 23/30
正在安裝 : salt-2015.5.10-2.el7.noarch 24/30
正在安裝 : salt-master-2015.5.10-2.el7.noarch 25/30
正在安裝 : salt-minion-2015.5.10-2.el7.noarch 26/30
正在更新 : systemd-sysv-219-62.el7_6.7.x86_64 27/30
清理 : systemd-sysv-219-62.el7.x86_64 28/30
清理 : systemd-219-62.el7.x86_64 29/30
清理 : systemd-libs-219-62.el7.x86_64 30/30
驗證中 : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 1/30
驗證中 : python-markupsafe-0.11-10.el7.x86_64 2/30
驗證中 : openpgm-5.2.122-2.el7.x86_64 3/30
驗證中 : python2-msgpack-0.5.6-5.el7.x86_64 4/30
驗證中 : systemd-libs-219-62.el7_6.7.x86_64 5/30
驗證中 : python2-crypto-2.6.1-16.el7.x86_64 6/30
驗證中 : systemd-219-62.el7_6.7.x86_64 7/30
驗證中 : python-jinja2-2.7.2-3.el7_6.noarch 8/30
驗證中 : python-babel-0.9.6-8.el7.noarch 9/30
驗證中 : zeromq-4.1.4-6.el7.x86_64 10/30
驗證中 : python-six-1.9.0-2.el7.noarch 11/30
驗證中 : python-urllib3-1.10.2-5.el7.noarch 12/30
驗證中 : m2crypto-0.21.1-17.el7.x86_64 13/30
驗證中 : libsodium-1.0.18-1.el7.x86_64 14/30
驗證中 : salt-master-2015.5.10-2.el7.noarch 15/30
驗證中 : salt-minion-2015.5.10-2.el7.noarch 16/30
驗證中 : libtommath-0.42.0-6.el7.x86_64 17/30
驗證中 : python-backports-1.0-8.el7.x86_64 18/30
驗證中 : python2-zmq-14.7.0-8.el7.x86_64 19/30
驗證中 : libyaml-0.1.4-11.el7_0.x86_64 20/30
驗證中 : salt-2015.5.10-2.el7.noarch 21/30
驗證中 : python-requests-2.6.0-1.el7_1.noarch 22/30
驗證中 : systemd-sysv-219-62.el7_6.7.x86_64 23/30
驗證中 : python-ipaddress-1.0.16-2.el7.noarch 24/30
驗證中 : systemd-python-219-62.el7_6.7.x86_64 25/30
驗證中 : PyYAML-3.10-11.el7.x86_64 26/30
驗證中 : libtomcrypt-1.17-26.el7.x86_64 27/30
驗證中 : systemd-sysv-219-62.el7.x86_64 28/30
驗證中 : systemd-libs-219-62.el7.x86_64 29/30
驗證中 : systemd-219-62.el7.x86_64 30/30
已安裝:
salt-master.noarch 0:2015.5.10-2.el7 salt-minion.noarch 0:2015.5.10-2.el7
作爲依賴被安裝:
PyYAML.x86_64 0:3.10-11.el7 libsodium.x86_64 0:1.0.18-1.el7
libtomcrypt.x86_64 0:1.17-26.el7 libtommath.x86_64 0:0.42.0-6.el7
libyaml.x86_64 0:0.1.4-11.el7_0 m2crypto.x86_64 0:0.21.1-17.el7
openpgm.x86_64 0:5.2.122-2.el7 python-babel.noarch 0:0.9.6-8.el7
python-backports.x86_64 0:1.0-8.el7 python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7
python-ipaddress.noarch 0:1.0.16-2.el7 python-jinja2.noarch 0:2.7.2-3.el7_6
python-markupsafe.x86_64 0:0.11-10.el7 python-requests.noarch 0:2.6.0-1.el7_1
python-six.noarch 0:1.9.0-2.el7 python-urllib3.noarch 0:1.10.2-5.el7
python2-crypto.x86_64 0:2.6.1-16.el7 python2-msgpack.x86_64 0:0.5.6-5.el7
python2-zmq.x86_64 0:14.7.0-8.el7 salt.noarch 0:2015.5.10-2.el7
systemd-python.x86_64 0:219-62.el7_6.7 zeromq.x86_64 0:4.1.4-6.el7
作爲依賴被升級:
systemd.x86_64 0:219-62.el7_6.7 systemd-libs.x86_64 0:219-62.el7_6.7 systemd-sysv.x86_64 0:219-62.el7_6.7
完畢!
在被控端安裝salt只需要安裝salt-minion
[root@linux-02 ~]# yum install -y salt-minion
已加載插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository contrib is listed more than once in the configuration
Determining fastest mirrors
epel/x86_64/metalink | 8.3 kB 00:00:00
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 5.4 kB 00:00:00
extras | 3.4 kB 00:00:00
mariadb-main | 2.9 kB 00:00:00
mariadb-maxscale | 2.4 kB 00:00:00
mariadb-tools | 2.9 kB 00:00:00
mongodb-org-4.0 | 2.5 kB 00:00:00
updates | 3.4 kB 00:00:00
zabbix | 2.9 kB 00:00:00
zabbix-non-supported | 951 B 00:00:00
(1/3): epel/x86_64/updateinfo | 993 kB 00:00:05
(2/3): updates/7/x86_64/primary_db | 6.5 MB 00:00:07
(3/3): epel/x86_64/primary_db | 6.8 MB 00:00:11
正在解決依賴關係
--> 正在檢查事務
---> 軟件包 salt-minion.noarch.0.2015.5.10-2.el7 將被 安裝
--> 正在處理依賴關係 salt = 2015.5.10-2.el7,它被軟件包 salt-minion-2015.5.10-2.el7.noarch 需要
--> 正在檢查事務
---> 軟件包 salt.noarch.0.2015.5.10-2.el7 將被 安裝
--> 正在處理依賴關係 PyYAML,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 m2crypto,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-crypto,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-jinja2,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-msgpack,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-requests,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 python-zmq,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在處理依賴關係 systemd-python,它被軟件包 salt-2015.5.10-2.el7.noarch 需要
--> 正在檢查事務
---> 軟件包 PyYAML.x86_64.0.3.10-11.el7 將被 安裝
---> 軟件包 m2crypto.x86_64.0.0.21.1-17.el7 將被 安裝
---> 軟件包 python-jinja2.noarch.0.2.7.2-3.el7_6 將被 安裝
--> 正在處理依賴關係 python-babel >= 0.8,它被軟件包 python-jinja2-2.7.2-3.el7_6.noarch 需要
--> 正在處理依賴關係 python-markupsafe,它被軟件包 python-jinja2-2.7.2-3.el7_6.noarch 需要
---> 軟件包 python-requests.noarch.0.2.6.0-1.el7_1 將被 安裝
--> 正在處理依賴關係 python-urllib3 >= 1.10.2-1,它被軟件包 python-requests-2.6.0-1.el7_1.noarch 需要
---> 軟件包 python2-crypto.x86_64.0.2.6.1-16.el7 將被 安裝
--> 正在處理依賴關係 libtomcrypt.so.0()(64bit),它被軟件包 python2-crypto-2.6.1-16.el7.x86_64 需要
---> 軟件包 python2-msgpack.x86_64.0.0.5.6-5.el7 將被 安裝
---> 軟件包 python2-zmq.x86_64.0.14.7.0-8.el7 將被 安裝
--> 正在處理依賴關係 libzmq.so.5()(64bit),它被軟件包 python2-zmq-14.7.0-8.el7.x86_64 需要
---> 軟件包 systemd-python.x86_64.0.219-62.el7_6.7 將被 安裝
--> 正在處理依賴關係 systemd-libs = 219-62.el7_6.7,它被軟件包 systemd-python-219-62.el7_6.7.x86_64 需要
--> 正在處理依賴關係 systemd = 219-62.el7_6.7,它被軟件包 systemd-python-219-62.el7_6.7.x86_64 需要
--> 正在檢查事務
---> 軟件包 libtomcrypt.x86_64.0.1.17-26.el7 將被 安裝
--> 正在處理依賴關係 libtommath >= 0.42.0,它被軟件包 libtomcrypt-1.17-26.el7.x86_64 需要
--> 正在處理依賴關係 libtommath.so.0()(64bit),它被軟件包 libtomcrypt-1.17-26.el7.x86_64 需要
---> 軟件包 python-babel.noarch.0.0.9.6-8.el7 將被 安裝
---> 軟件包 python-markupsafe.x86_64.0.0.11-10.el7 將被 安裝
---> 軟件包 python-urllib3.noarch.0.1.10.2-5.el7 將被 安裝
--> 正在處理依賴關係 python-six,它被軟件包 python-urllib3-1.10.2-5.el7.noarch 需要
--> 正在處理依賴關係 python-ipaddress,它被軟件包 python-urllib3-1.10.2-5.el7.noarch 需要
--> 正在處理依賴關係 python-backports-ssl_match_hostname,它被軟件包 python-urllib3-1.10.2-5.el7.noarch 需要
---> 軟件包 systemd.x86_64.0.219-62.el7 將被 升級
--> 正在處理依賴關係 systemd = 219-62.el7,它被軟件包 systemd-sysv-219-62.el7.x86_64 需要
---> 軟件包 systemd.x86_64.0.219-62.el7_6.7 將被 更新
---> 軟件包 systemd-libs.x86_64.0.219-62.el7 將被 升級
---> 軟件包 systemd-libs.x86_64.0.219-62.el7_6.7 將被 更新
---> 軟件包 zeromq.x86_64.0.4.1.4-6.el7 將被 安裝
--> 正在處理依賴關係 libpgm-5.2.so.0()(64bit),它被軟件包 zeromq-4.1.4-6.el7.x86_64 需要
--> 正在處理依賴關係 libsodium.so.23()(64bit),它被軟件包 zeromq-4.1.4-6.el7.x86_64 需要
--> 正在檢查事務
---> 軟件包 libsodium.x86_64.0.1.0.18-1.el7 將被 安裝
---> 軟件包 libtommath.x86_64.0.0.42.0-6.el7 將被 安裝
---> 軟件包 openpgm.x86_64.0.5.2.122-2.el7 將被 安裝
---> 軟件包 python-backports-ssl_match_hostname.noarch.0.3.5.0.1-1.el7 將被 安裝
--> 正在處理依賴關係 python-backports,它被軟件包 python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 需要
---> 軟件包 python-ipaddress.noarch.0.1.0.16-2.el7 將被 安裝
---> 軟件包 python-six.noarch.0.1.9.0-2.el7 將被 安裝
---> 軟件包 systemd-sysv.x86_64.0.219-62.el7 將被 升級
---> 軟件包 systemd-sysv.x86_64.0.219-62.el7_6.7 將被 更新
--> 正在檢查事務
---> 軟件包 python-backports.x86_64.0.1.0-8.el7 將被 安裝
--> 解決依賴關係完成
依賴關係解決
===================================================================================================================================
Package 架構 版本 源 大小
===================================================================================================================================
正在安裝:
salt-minion noarch 2015.5.10-2.el7 epel 26 k
爲依賴而安裝:
PyYAML x86_64 3.10-11.el7 base 153 k
libsodium x86_64 1.0.18-1.el7 epel 147 k
libtomcrypt x86_64 1.17-26.el7 extras 224 k
libtommath x86_64 0.42.0-6.el7 extras 36 k
m2crypto x86_64 0.21.1-17.el7 base 429 k
openpgm x86_64 5.2.122-2.el7 epel 171 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-backports x86_64 1.0-8.el7 base 5.8 k
python-backports-ssl_match_hostname noarch 3.5.0.1-1.el7 base 13 k
python-ipaddress noarch 1.0.16-2.el7 base 34 k
python-jinja2 noarch 2.7.2-3.el7_6 updates 518 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-requests noarch 2.6.0-1.el7_1 base 94 k
python-six noarch 1.9.0-2.el7 base 29 k
python-urllib3 noarch 1.10.2-5.el7 base 102 k
python2-crypto x86_64 2.6.1-16.el7 epel 477 k
python2-msgpack x86_64 0.5.6-5.el7 epel 64 k
python2-zmq x86_64 14.7.0-8.el7 epel 505 k
salt noarch 2015.5.10-2.el7 epel 4.1 M
systemd-python x86_64 219-62.el7_6.7 updates 133 k
zeromq x86_64 4.1.4-6.el7 epel 556 k
爲依賴而更新:
systemd x86_64 219-62.el7_6.7 updates 5.1 M
systemd-libs x86_64 219-62.el7_6.7 updates 407 k
systemd-sysv x86_64 219-62.el7_6.7 updates 84 k
事務概要
===================================================================================================================================
安裝 1 軟件包 (+21 依賴軟件包)
升級 ( 3 依賴軟件包)
總下載量:15 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/25): PyYAML-3.10-11.el7.x86_64.rpm | 153 kB 00:00:07
(2/25): libtomcrypt-1.17-26.el7.x86_64.rpm | 224 kB 00:00:07
(3/25): libtommath-0.42.0-6.el7.x86_64.rpm | 36 kB 00:00:07
(4/25): openpgm-5.2.122-2.el7.x86_64.rpm | 171 kB 00:00:00
(5/25): m2crypto-0.21.1-17.el7.x86_64.rpm | 429 kB 00:00:07
(6/25): libsodium-1.0.18-1.el7.x86_64.rpm | 147 kB 00:00:07
(7/25): python-backports-1.0-8.el7.x86_64.rpm | 5.8 kB 00:00:00
(8/25): python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch.rpm | 13 kB 00:00:00
(9/25): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00
(10/25): python-ipaddress-1.0.16-2.el7.noarch.rpm | 34 kB 00:00:00
(11/25): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00
(12/25): python-six-1.9.0-2.el7.noarch.rpm | 29 kB 00:00:00
(13/25): python-requests-2.6.0-1.el7_1.noarch.rpm | 94 kB 00:00:00
(14/25): python-urllib3-1.10.2-5.el7.noarch.rpm | 102 kB 00:00:00
(15/25): python2-crypto-2.6.1-16.el7.x86_64.rpm | 477 kB 00:00:00
(16/25): python2-zmq-14.7.0-8.el7.x86_64.rpm | 505 kB 00:00:00
(17/25): salt-2015.5.10-2.el7.noarch.rpm | 4.1 MB 00:00:00
(18/25): salt-minion-2015.5.10-2.el7.noarch.rpm | 26 kB 00:00:00
(19/25): systemd-219-62.el7_6.7.x86_64.rpm | 5.1 MB 00:00:00
(20/25): systemd-libs-219-62.el7_6.7.x86_64.rpm | 407 kB 00:00:00
(21/25): systemd-python-219-62.el7_6.7.x86_64.rpm | 133 kB 00:00:00
(22/25): systemd-sysv-219-62.el7_6.7.x86_64.rpm | 84 kB 00:00:00
(23/25): zeromq-4.1.4-6.el7.x86_64.rpm | 556 kB 00:00:00
(24/25): python-jinja2-2.7.2-3.el7_6.noarch.rpm | 518 kB 00:00:05
(25/25): python2-msgpack-0.5.6-5.el7.x86_64.rpm | 64 kB 00:00:05
-----------------------------------------------------------------------------------------------------------------------------------
總計 1.1 MB/s | 15 MB 00:00:13
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : python-ipaddress-1.0.16-2.el7.noarch 1/28
正在更新 : systemd-libs-219-62.el7_6.7.x86_64 2/28
正在更新 : systemd-219-62.el7_6.7.x86_64 3/28
正在安裝 : systemd-python-219-62.el7_6.7.x86_64 4/28
正在安裝 : PyYAML-3.10-11.el7.x86_64 5/28
正在安裝 : python-backports-1.0-8.el7.x86_64 6/28
正在安裝 : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 7/28
正在安裝 : libtommath-0.42.0-6.el7.x86_64 8/28
正在安裝 : libtomcrypt-1.17-26.el7.x86_64 9/28
正在安裝 : python2-crypto-2.6.1-16.el7.x86_64 10/28
正在安裝 : python-babel-0.9.6-8.el7.noarch 11/28
正在安裝 : libsodium-1.0.18-1.el7.x86_64 12/28
正在安裝 : m2crypto-0.21.1-17.el7.x86_64 13/28
正在安裝 : python-six-1.9.0-2.el7.noarch 14/28
正在安裝 : python-urllib3-1.10.2-5.el7.noarch 15/28
正在安裝 : python-requests-2.6.0-1.el7_1.noarch 16/28
正在安裝 : python2-msgpack-0.5.6-5.el7.x86_64 17/28
正在安裝 : openpgm-5.2.122-2.el7.x86_64 18/28
正在安裝 : zeromq-4.1.4-6.el7.x86_64 19/28
正在安裝 : python2-zmq-14.7.0-8.el7.x86_64 20/28
正在安裝 : python-markupsafe-0.11-10.el7.x86_64 21/28
正在安裝 : python-jinja2-2.7.2-3.el7_6.noarch 22/28
正在安裝 : salt-2015.5.10-2.el7.noarch 23/28
正在安裝 : salt-minion-2015.5.10-2.el7.noarch 24/28
正在更新 : systemd-sysv-219-62.el7_6.7.x86_64 25/28
清理 : systemd-sysv-219-62.el7.x86_64 26/28
清理 : systemd-219-62.el7.x86_64 27/28
清理 : systemd-libs-219-62.el7.x86_64 28/28
驗證中 : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 1/28
驗證中 : python-markupsafe-0.11-10.el7.x86_64 2/28
驗證中 : openpgm-5.2.122-2.el7.x86_64 3/28
驗證中 : python2-msgpack-0.5.6-5.el7.x86_64 4/28
驗證中 : systemd-libs-219-62.el7_6.7.x86_64 5/28
驗證中 : python2-crypto-2.6.1-16.el7.x86_64 6/28
驗證中 : systemd-219-62.el7_6.7.x86_64 7/28
驗證中 : python-jinja2-2.7.2-3.el7_6.noarch 8/28
驗證中 : zeromq-4.1.4-6.el7.x86_64 9/28
驗證中 : python-six-1.9.0-2.el7.noarch 10/28
驗證中 : python-urllib3-1.10.2-5.el7.noarch 11/28
驗證中 : m2crypto-0.21.1-17.el7.x86_64 12/28
驗證中 : libsodium-1.0.18-1.el7.x86_64 13/28
驗證中 : python-babel-0.9.6-8.el7.noarch 14/28
驗證中 : salt-minion-2015.5.10-2.el7.noarch 15/28
驗證中 : libtommath-0.42.0-6.el7.x86_64 16/28
驗證中 : python-backports-1.0-8.el7.x86_64 17/28
驗證中 : python2-zmq-14.7.0-8.el7.x86_64 18/28
驗證中 : salt-2015.5.10-2.el7.noarch 19/28
驗證中 : python-requests-2.6.0-1.el7_1.noarch 20/28
驗證中 : systemd-sysv-219-62.el7_6.7.x86_64 21/28
驗證中 : python-ipaddress-1.0.16-2.el7.noarch 22/28
驗證中 : systemd-python-219-62.el7_6.7.x86_64 23/28
驗證中 : PyYAML-3.10-11.el7.x86_64 24/28
驗證中 : libtomcrypt-1.17-26.el7.x86_64 25/28
驗證中 : systemd-sysv-219-62.el7.x86_64 26/28
驗證中 : systemd-libs-219-62.el7.x86_64 27/28
驗證中 : systemd-219-62.el7.x86_64 28/28
已安裝:
salt-minion.noarch 0:2015.5.10-2.el7
作爲依賴被安裝:
PyYAML.x86_64 0:3.10-11.el7 libsodium.x86_64 0:1.0.18-1.el7
libtomcrypt.x86_64 0:1.17-26.el7 libtommath.x86_64 0:0.42.0-6.el7
m2crypto.x86_64 0:0.21.1-17.el7 openpgm.x86_64 0:5.2.122-2.el7
python-babel.noarch 0:0.9.6-8.el7 python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7 python-ipaddress.noarch 0:1.0.16-2.el7
python-jinja2.noarch 0:2.7.2-3.el7_6 python-markupsafe.x86_64 0:0.11-10.el7
python-requests.noarch 0:2.6.0-1.el7_1 python-six.noarch 0:1.9.0-2.el7
python-urllib3.noarch 0:1.10.2-5.el7 python2-crypto.x86_64 0:2.6.1-16.el7
python2-msgpack.x86_64 0:0.5.6-5.el7 python2-zmq.x86_64 0:14.7.0-8.el7
salt.noarch 0:2015.5.10-2.el7 systemd-python.x86_64 0:219-62.el7_6.7
zeromq.x86_64 0:4.1.4-6.el7
作爲依賴被升級:
systemd.x86_64 0:219-62.el7_6.7 systemd-libs.x86_64 0:219-62.el7_6.7 systemd-sysv.x86_64 0:219-62.el7_6.7
完畢!
3.配置salt相關服務
修改三臺服務器上的hosts文件,添加三臺服務器的ip地址和hostname
[root@linux-001 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.174.128 linux-001
192.168.174.129 linux-02
192.168.174.130 linux-03
修改三臺服務器的minion,下圖修改的是001機器,002機器和003機器也一樣。
[root@linux-001 ~]# vim /etc/salt/minion
master: linux-001 //添加一行master的信息
[root@linux-001 ~]# systemctl start salt-minion
啓動salt-master,可以查看到salt啓動的端口是4505和4506。
[root@linux-001 ~]# systemctl start salt-master
[root@linux-001 ~]# ps axu |grep salt
root 22042 0.0 1.8 234880 15660 ? Ss 17:11 0:00 /usr/bin/python /usr/bin/salt-minion
root 22053 0.1 3.1 533480 26508 ? Sl 17:11 0:00 /usr/bin/python /usr/bin/salt-minion
root 22957 2.7 3.2 320924 27436 ? Ss 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22964 1.2 3.1 408956 26020 ? Sl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22965 0.0 2.7 402852 23092 ? Sl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22966 0.0 2.8 402852 23700 ? Sl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22968 0.1 2.7 320924 22468 ? S 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22975 4.4 3.1 655004 26244 ? Rl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22976 5.5 3.1 656036 26248 ? Sl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22977 4.3 3.1 655008 26252 ? Sl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22978 4.5 3.1 655008 26252 ? Sl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22979 4.4 3.1 655008 26256 ? Rl 17:16 0:00 /usr/bin/python /usr/bin/salt-master
root 22991 38.0 2.7 566708 23000 ? Rl 17:16 0:03 /usr/bin/python /usr/bin/salt-master
root 23155 0.0 0.1 112724 988 pts/0 R+ 17:16 0:00 grep --color=auto salt
root 23156 0.0 2.8 655008 23672 ? R 17:16 0:00 /usr/bin/python /usr/bin/salt-master
[root@linux-001 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.174.128:27017 0.0.0.0:* LISTEN 9911/mongod
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 9911/mongod
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:20048 0.0.0.0:* LISTEN 6864/rpc.mountd
tcp 0 0 0.0.0.0:49681 0.0.0.0:* LISTEN 6847/rpc.statd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6828/sshd
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 22965/python
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7238/master
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 22991/python
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:36388 0.0.0.0:* LISTEN -
tcp6 0 0 :::3306 :::* LISTEN 7162/mysqld
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::20048 :::* LISTEN 6864/rpc.mountd
tcp6 0 0 :::22 :::* LISTEN 6828/sshd
tcp6 0 0 :::36887 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN 7238/master
tcp6 0 0 :::2049 :::* LISTEN -
tcp6 0 0 :::51393 :::* LISTEN 6847/rpc.statd
4.salt的配置認證
master端和minion端通信需要建立一個安全通道,傳輸過程需要加密,所以得配置認證,也是通過密鑰對來加密解密的
minion在第一次啓動時會在/etc/salt/pki/minion/下生成minion.pem和minion.pub,其中.pub爲公鑰,它會把公鑰傳輸給master
master第一次啓動時也會在/etc/salt/pki/master下生成密鑰對,當master接收到minion傳過來的公鑰後,通過salt-key工具接受這個公鑰,一旦接受後就會在/etc/salt/pki/master/minions/目錄裏存放剛剛接受的公鑰,同時客戶端也會接受master傳過去的公鑰,把它放在/etc/salt/pki/minion目錄下,並命名爲minion_master.pub
以上過程需要藉助salt-key工具來實現
執行如下命令 salt-key -a aming-01// -a後面跟主機名,可以認證指定主機
salt-key -a aming-02
-a 後面跟主機名,認證指定主機
-A 認證所有主機
-r 跟主機名,拒絕指定主機
-R 拒絕所有主機
-d 跟主機名,刪除指定主機認證
-D 刪除全部主機認證
-y 省略掉交互,相當於直接按了y
[root@linux-01 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
linux-01
linux-02
linux-03
Rejected Keys:
[root@linux-01 ~]# vim /etc/hosts
[root@linux-01 ~]#
[root@linux-01 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
linux-01
linux-02
linux-03
Proceed? [n/Y] Y
Key for minion linux-01 accepted.
Key for minion linux-02 accepted.
Key for minion linux-03 accepted.
[root@linux-01 ~]# ls /etc/salt/pki/master/minions
linux-001 linux-02 linux-03
5.salt執行遠程命令
[root@linux-01 ~]# salt '*' test.ping
linux-02:
True
linux-03:
True
linux-01:
True
[root@linux-01 ~]# salt '*' cmd.run 'ls'
linux-02:
111
111.log
Ctrl-C
anaconda-ks.cfg
grant
mongodb-org-4.0.10-1.el7.x86_64.rpm
mongodb-org-mongos-4.0.10-1.el7.x86_64.rpm
mongodb-org-server-4.0.10-1.el7.x86_64.rpm
mongodb-org-shell-4.0.10-1.el7.x86_64.rpm
mongodb-org-tools-4.0.10-1.el7.x86_64.rpm
mongodb-rpm-package
rpmbuild
show
vim-enhanced-7.4.160-5.el7.x86_64.rpm
linux-01:
1.txt
111
222
add_user.sh
anaconda-ks.cfg
bb.log
ceshi
git-1.8.3.1-20.el7.x86_64.rpm
ifcfg-ens33:0
iptables.sh
mongodb
mongodb-org-4.0.10-1.el7.x86_64.rpm
mongodb-org-shell-4.0.10-1.el7.x86_64.rpm
my.tpt
nload-0.7.4-4.el7.x86_64.rpm
passwd
process.txt
subversion-1.7.14-14.el7.i686.rpm
subversion-1.7.14-14.el7.x86_64.rpm
test
user-passwd.txt
v2ray.sh
xaa
xihaji.log
zabbix.sql
zsh-5.0.2-31.el7.x86_64.rpm
linux-03:
anaconda-ks.cfg
bitnami-wordpress-5.1-0-linux-x64-installer.run
initial-setup-ks.cfg
mysql-community-release-el7-5.noarch.rpm
new
下載
公共
圖片
文檔
桌面
模板
視頻
音樂
[root@linux-01 ~]# salt '*' cmd.run 'hostname'
linux-02:
linux-02
linux-03:
linux-03
linux-01:
linux-01
[root@linux-01 ~]# salt 'linux-01' cmd.run 'df -h'
linux-001:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 16G 9.0G 6.9G 57% /
devtmpfs 396M 0 396M 0% /dev
tmpfs 407M 16K 407M 1% /dev/shm
tmpfs 407M 17M 390M 5% /run
tmpfs 407M 0 407M 0% /sys/fs/cgroup
tmpfs 407M 14M 394M 4% /tmp
/dev/sda1 197M 115M 82M 59% /boot
tmpfs 82M 0 82M 0% /run/user/0
6.grains
grains是在minion啓動時收集到的一些信息,比如操作系統類型、網卡ip、內核版本、cpu架構等。
salt ‘aming-02’ grains.ls 列出所有的grains項目名字
salt ‘aming-02’ grains.items 列出所有grains項目以及值
grains的信息並不是動態的,並不會實時變更,它是在minion啓動時收集到的。
我們可以根據grains收集到的一些信息,做配置管理工作。
grains支持自定義信息。
[root@linux-01 ~]# salt 'linux-02' grains.ls
linux-02:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- lsb_distrib_id
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- serialnumber
- server_id
- shell
- systemd
- virtual
- zmqversion
[root@linux-01 ~]# salt 'linux-02' grains.items
linux-02:
----------
SSDs:
biosreleasedate:
04/13/2018
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- xsaveopt
- arat
cpu_model:
Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
cpuarch:
x86_64
domain:
fqdn:
linux-02
fqdn_ip4:
- 192.168.174.129
fqdn_ip6:
- fe80::e3af:26e5:ac7b:b1f
- fe80::86ff:d912:c144:4503
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
host:
linux-02
hwaddr_interfaces:
----------
ens33:
00:50:56:3a:cd:af
ens37:
00:0c:29:4b:77:f1
lo:
00:00:00:00:00:00
id:
linux-02
init:
systemd
ip4_interfaces:
----------
ens33:
- 192.168.174.129
ens37:
- 192.168.100.100
lo:
- 127.0.0.1
ip6_interfaces:
----------
ens33:
- fe80::86ff:d912:c144:4503
ens37:
- fe80::e3af:26e5:ac7b:b1f
lo:
- ::1
ip_interfaces:
----------
ens33:
- 192.168.174.129
- fe80::86ff:d912:c144:4503
ens37:
- 192.168.100.100
- fe80::e3af:26e5:ac7b:b1f
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 192.168.100.100
- 192.168.174.129
ipv6:
- ::1
- fe80::86ff:d912:c144:4503
- fe80::e3af:26e5:ac7b:b1f
kernel:
Linux
kernelrelease:
3.10.0-957.el7.x86_64
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
zh_CN
detectedencoding:
UTF-8
localhost:
linux-02
lsb_distrib_id:
CentOS Linux
machine_id:
42b310e318a04f10a706fc5677d2ba1b
manufacturer:
VMware, Inc.
master:
linux-01
mdadm:
mem_total:
812
nodename:
linux-02
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
Core
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.6.1810
osrelease_info:
- 7
- 6
- 1810
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
productname:
VMware Virtual Platform
ps:
ps -efH
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib/python2.7/site-packages
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2015.5.10
saltversioninfo:
- 2015
- 5
- 10
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d e3 03 ef 50 69 16-d9 ab 38 33 9b 4b 77 e7
server_id:
2079933721
shell:
/bin/sh
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
virtual:
VMware
zmqversion:
4.1.4
自定義grains,編輯minion上的機器,從master上獲取grains的值,如果獲取不到值,需要把minion上重新啓動salt-minion,或者killall掉salt-minion,然後啓動salt-minion。
[root@linux-02 ~]# vim /etc/salt/grains
role: nginx
env: test
[root@linux-02 ~]# systemctl restart salt-minion
可以在master上查看到已經獲取到了值。
[root@linux-01 ~]# salt '*' grains.item role env
linux-03:
----------
env:
role:
linux-02:
----------
env:
test
role:
nginx
linux-01:
----------
env:
role:
[root@linux-01 ~]# salt -G role:nginx cmd.run 'hostname'
linux-02:
linux-02
7.pillar
pillar和grains不一樣,是在master上定義的,並且是針對minion定義的一些信息。像一些比較重要的數據(密碼)可以存在pillar裏,還可以定義變量等。
配置自定義pillar vim /etc/salt/master 找到如下配置://去掉前面的警號
pillar_roots:
base: #此行前面有兩個空格
- /srv/pillar #此行前面有4個空格
mkdir /srv/pillar
vim /srv/pillar/test.sls
//內容如下 conf: /etc/123.conf
[root@linux-01 ~]# vim /etc/salt/master
pillar_roots: #可以認爲這是一個項目
base: #base表示項目的key
- /srv/pillar # 這一行代表是值
[root@linux-01 ~]# killall salt-master
[root@linux-01 ~]# systemctl start salt-master
[root@linux-01 ~]# mkdir /srv/pillar
[root@linux-01 ~]# cd !$
cd /srv/pillar
[root@linux-01 pillar]# vi test.sys
conf: /etc/123.conf
[root@linux-01 pillar]# vim top.sys
base:
'linux-02'
- test
[root@linux-01 pillar]# salt '*' saltutil.refresh_pillar //在此處不需要重啓服務,當更改完pillar配置文件後,我們可以通過刷新pillar配置來獲取新的pillar狀態
linux-02:
True
linux-03:
True
linux-001:
True
[root@linux-01 pillar]# salt '*' pillar.item conf
linux-02:
/etc/123.conf
linux-03:
----------
linux-001:
----------
[root@linux-01 pillar]#
8.salt安裝httpd服務
修改master的配置文件,把file_roots配置打開,如下
[root@linux-01 ~]# cat /etc/salt/master |grep -Ev '^#|^$'
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/salt/pillar
[root@linux-01 ~]# cd /srv/salt
[root@linux-01 salt]# vim top.sls
base:
'*': #前面有2個空格,*代表在所有的客戶端執行httpd模塊
- httpd #前面有4個空格
[root@linux-01 salt]# vim httpd.sls
#這個就是httpd模塊的內容
httpd-service: #說明:httpd-service是id的名字,自定義的。
pkg.installed: # pkg.installed 爲包安裝函數
- names: #names是要安裝的包的名字。這裏如果只有一個服務,那麼就可以寫成 –name: httpd 不用再換一行了。
- httpd
- httpd-devel
service.running: #service.running也是一個函數,來保證指定的服務啓動,enable表示開機啓動。
- name: httpd
- enable: True
[root@linux-01 salt]# systemctl restart salt-master
[root@linux-01 salt]#
[root@linux-01 salt]# salt 'linux-01' state.highstate
linux-01:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 17:58:56.814905
Duration: 4862.334 ms
Changes:
----------
ID: httpd-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 17:59:01.677410
Duration: 74855.449 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-5.el7
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
expat-devel:
----------
new:
2.1.0-11.el7
old:
httpd-devel:
----------
new:
2.4.6-93.el7.centos
old:
libdb-devel:
----------
new:
5.3.21-25.el7
old:
openldap-devel:
----------
new:
2.4.44-21.el7_6
old:
----------
ID: httpd-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 18:00:16.635596
Duration: 1856.958 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
# 檢查一下httpd服務是否啓動,看看端口是否存在
[root@linux-01 salt]# ps -ef |grep httpd
root 12778 1 0 18:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 12780 12778 0 18:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 12782 12778 0 18:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 12783 12778 0 18:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 12784 12778 0 18:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 12785 12778 0 18:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
root 12878 9088 0 18:03 pts/0 00:00:00 grep --color=auto httpd
[root@linux-01 salt]# netstat -lntp |grep httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12778/httpd
[root@localhost salt]#
9.salt管理文件目錄
9.1 salt管理文件
[root@linux-01 salt]# vi top.sls
base:
'*':
# - httpd
- ceshi
[root@linux-01 salt]# vi ceshi.sls
file_ceshi:
file.managed:
- name: /tmp/linux.txt
- source: salt://1.txt
- user: root
- group: root
- mode: 600
[root@linux-01 salt]# salt 'linux-02' state.highstate
linux-02:
----------
ID: file_test
Function: file.managed
Name: /tmp/linux.txt
Result: True
Comment: File /tmp/linux.txt updated
Started: 18:24:02.050767
Duration: 15.572 ms
Changes:
----------
diff:
New file
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
9.2 salt管理目錄
說明:這裏有一個問題,如果source對應的目錄下有空目錄的話,客戶端上不會創建該目錄
[root@linux-01 salt]# vim top.sls
base:
'*':
# - httpd
- ceshi_dir
[root@linux-01 salt]# vim ceshi_dir.sls
ceshi_dir:
file.recurse:
- name: /tmp/ceshi_dir
- source: salt://123/
- user: root
- file_mode: 640
- dir_mode: 750
- mkdir: True
- clean: True #加上它之後,源刪除文件或目錄,目標也會跟着刪除,否則不會刪除
[root@linux-01 salt]# salt 'linux-02' state.highstate
linux-02:
----------
ID: ceshi_dir
Function: file.recurse
Name: /tmp/ceshi_dir
Result: True
Comment: Recursively updated /tmp/ceshi_dir
Started: 18:36:09.869619
Duration: 1085.54 ms
Changes:
----------
/tmp/ceshi_dir:
----------
mode:
0750
/tmp/ceshi_dir/2.txt:
----------
diff:
New file
mode:
0640
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
10.salt管理遠程命令
[root@linux-01 test]# pwd
/srv/salt/test
[root@linux-01 test]# vi top.sls
base:
'*':
- shell_test
[root@linux-01 test]# vim shell_test.sls
shell_test:
cmd.script:
- source: salt://test/1.sh
- user: root
[root@linux-01 test]# vi 1.sh
#!/bin/bash
touch /tmp/test.txt
cat /etc/passwd > /tmp/test.txt
[root@linux-01 test]# salt 'linux-01' state.highstate
linux-01:
----------
ID: shell_test
Function: cmd.script
Result: True
Comment: Command 'shell_test' run
Started: 23:23:56.940758
Duration: 316.797 ms
Changes:
----------
pid:
19880
retcode:
0
stderr:
stdout:
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
11.salt管理任務計劃
11.1 salt創建一個crontab
[root@linux-01 test]# vim top.sls
base:
'*':
- cron_test
[root@linux-01 test]# vim cron_test.sls
cron_test:
cron.present:
- name: /bin/touch /tmp/111.txt
- user: root
- minute: '*'
- hour: 20
- daymonth: '*'
- month: '*'
- dayweek: '*
[root@linux-01 test]# salt 'linux-01' state.highstate
linux-01:
----------
ID: cron_test
Function: cron.present
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
Started: 23:32:51.244319
Duration: 36.301 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
以上的結果中,前兩行的#號行是不可以刪除的,否則會出現crontab出現重複的定時任務(如下圖所示)。
11.1 salt刪除一個crontab
[root@linux-01 test]# vim top.sls
base:
'*':
- cron_delete_test
[root@linux-01 test]# vim cron_delete_test.sls
cron_delete_test:
cron.absent:
- name: /bin/touch /tmp/111.txt
[root@linux-01 test]# salt 'linux-01' state.highstate
linux-01:
----------
ID: cron_delete_test
Function: cron.absent
Name: /bin/touch /tmp/111.txt
Result: True
Comment: Cron /bin/touch /tmp/111.txt removed from root's crontab
Started: 23:42:08.306320
Duration: 29.779 ms
Changes:
----------
root:
/bin/touch /tmp/111.txt
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
注意:我們不能隨意改動crontab,否則就沒法刪除或者修改這個cron了。
12.salt其它可能會用到的命令
12.1 cp.get_file 拷貝master上的文件到客戶端
此處我設置的master配置文件file_roots的路徑爲:/srv/salt/test
[root@linux-01 test]# cp /etc/salt/master 1.txt
[root@linux-01 test]# ll
總用量 52
-rw-r--r--. 1 root root 64 5月 20 23:14 1.sh
-rw-r-----. 1 root root 29548 5月 20 23:46 1.txt
-rw-r--r--. 1 root root 68 5月 20 23:42 cron_delete_test.sls
-rw-r--r--. 1 root root 170 5月 20 23:32 cron_test.sls
-rw-r--r--. 1 root root 69 5月 20 23:23 shell_test.sls
-rw-r--r--. 1 root root 35 5月 20 23:40 top.sls
[root@linux-01 test]# salt 'linux-01' cp.get_file salt://1.txt /tmp/123.txt
linux-01:
/tmp/123.txt
[root@linux-01 test]# ll /tmp/123.txt
-rw-r--r--. 1 root root 29548 5月 20 23:47 /tmp/123.txt
12.2 cp.get_dir 拷貝目錄
[root@linux-01 test]# cp -r /root/Python-3.6.1 ./
[root@linux-01 test]# ll -d Python-3.6.1/
drwxr-xr-x. 18 root root 4096 5月 20 23:50 Python-3.6.1/
[root@linux-01 test]# salt '*' cp.get_dir salt://Python-3.6.1 /tmp/
……過程省略……
[root@linux-01 test]# ll -d /tmp/Python-3.6.1/
drwxr-xr-x. 18 root root 4096 5月 20 23:53 /tmp/Python-3.6.1/
注意:如上所示,在拷貝目錄的時候不要在目標目錄也就是/tmp/後面再寫一個Python-3.6.1 ,否則拷貝後的目錄會在/tmp/Python-3.6.1/下面。
12.3 manage.up 顯示存活的minion
[root@linux-01 test]# salt-run manage.up
- linux-01
- linux-02
[root@linux-01 test]#
12.4 cmd.script 執行master上的shell腳本
可以使用此方法在master機器上給目標機器批量執行腳本
13. salt-ssh使用
- salt-ssh不需要對客戶端做認證,客戶端也不用安裝salt-minion,它類似於expect
- 在master上安裝 yum install -y salt-ssh
13.1 安裝salt-ssh
[root@linux-01 test]# yum install -y salt-ssh
已加載插件:fastestmirror, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.3 kB 00:00:00
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:05
(2/2): epel/x86_64/primary_db | 6.8 MB 00:00:00
正在解決依賴關係
--> 正在檢查事務
---> 軟件包 salt-ssh.noarch.0.2015.5.10-2.el7 將被 安裝
--> 解決依賴關係完成
依賴關係解決
==========================================================================================================================================================================================================================================
Package 架構 版本 源 大小
==========================================================================================================================================================================================================================================
正在安裝:
salt-ssh noarch 2015.5.10-2.el7 epel 15 k
事務概要
==========================================================================================================================================================================================================================================
安裝 1 軟件包
總下載量:15 k
安裝大小:3.1 k
Downloading packages:
salt-ssh-2015.5.10-2.el7.noarch.rpm | 15 kB 00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : salt-ssh-2015.5.10-2.el7.noarch 1/1
驗證中 : salt-ssh-2015.5.10-2.el7.noarch 1/1
已安裝:
salt-ssh.noarch 0:2015.5.10-2.el7
完畢!
13.2 修改salt-ssh的配置文件
修改salt-ssh的配置文件/etc/salt/roster
[root@linux-01 test]# vim /etc/salt/roster
# Sample salt-ssh config file
#web1:
# host: 192.168.42.1 # The IP addr or DNS hostname
# user: fred # Remote executions will be executed as user fred
# passwd: foobarbaz # The password to use for login, if omitted, keys are used
# sudo: True # Whether to sudo to root, not enabled by default
#web2:
# host: 192.168.42.2
linux-01:
host: 192.168.1.232
user: root
passwd: 123qwe
linux-02:
host: 192.168.1.233
user: root
passwd: 123qwe
13.3 通過salt-ssh遠程執行命令
-
salt-ssh --key-deploy ‘*’ -r ‘w’ //第一次執行的時候會自動把本機的公鑰放到對方機器上,然後就可以把roster裏面的密碼去掉咯;
-
出現以下圖中的錯誤,我們是不是需要在第一次ssh登錄服務器的時候,需要輸入一個yes,這樣就可以解決我們的問題咯。
[root@linux-01 test]# ssh 192.168.1.233
The authenticity of host '192.168.1.233 (192.168.1.233)' can't be established.
ECDSA key fingerprint is SHA256:qkOCQ1F0B7lBYD5h+P14aeopz1uhsvUABYq55dgU1FM.
ECDSA key fingerprint is MD5:d8:10:97:52:db:5c:7b:0a:c7:0e:46:1b:cb:be:68:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.233' (ECDSA) to the list of known hosts.
[email protected]'s password:
[root@linux-01 test]# salt-ssh --key-deploy '*' -r 'w'
linux-02:
----------
retcode:
0
stderr:
stdout:
[email protected]'s password:
00:20:06 up 82 days, 7:09, 3 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 282月20 82days 0.02s 0.02s -bash
root pts/0 192.168.1.6 23:08 26:30 0.01s 0.01s -bash
root pts/1 192.168.1.246 17:08 5:15m 0.21s 0.21s -bash
linux-01:
----------
retcode:
0
stderr:
stdout:
[email protected]'s password:
00:20:06 up 6:54, 2 users, load average: 0.01, 0.04, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.246 18:10 5:42m 0.08s 0.08s -bash
root pts/1 192.168.1.6 23:08 6.00s 0.99s 0.00s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
我們現在先刪除配置文件的密碼,在執行一次命令測試下。
[root@linux-01 test]# vim /etc/salt/roster
# Sample salt-ssh config file
#web1:
# host: 192.168.42.1 # The IP addr or DNS hostname
# user: fred # Remote executions will be executed as user fred
# passwd: foobarbaz # The password to use for login, if omitted, keys are used
# sudo: True # Whether to sudo to root, not enabled by default
#web2:
# host: 192.168.42.2
linux-01:
host: 192.168.1.232
user: root
linux-02:
host: 192.168.1.233
user: root
發現在遠程執行命令的時候,去掉密碼會卡住不動,所以我們需要使用ssh-key生成一個公鑰,把這個公鑰推送給客戶端。
[root@linux-01 test]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hs4xeHWCsVd2NcU/WQmV8aoodPEFU/MFXv1g9bQTys8 root@linux-01
The key's randomart image is:
+---[RSA 2048]----+
| . o ++OO@|
| + o ..++OX|
| o + o +o+O|
| . + o o .o++|
| . = S . . .E.|
| + = . . . |
| o . . . |
| . |
| |
+----[SHA256]-----+
[root@linux-01 test]# ssh-copy-id -i /root/.ssh/ root@linux-01
authorized_keys id_rsa id_rsa.pub known_hosts
[root@linux-01 test]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@linux-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@linux-01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@linux-01'"
and check to make sure that only the key(s) you wanted were added.
[root@linux-01 test]# ssh linux-01
Last login: Thu May 21 00:41:45 2020 from 192.168.1.232
[root@linux-01 ~]# exit
登出
Connection to linux-01 closed.
[root@linux-01 test]# salt-ssh 'linux-01' -r 'w'
linux-01:
----------
retcode:
0
stderr:
stdout:
00:46:20 up 7:21, 2 users, load average: 0.25, 0.07, 0.06
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.246 18:10 6:08m 0.08s 0.08s -bash
root pts/1 192.168.1.6 23:08 4.00s 1.16s 0.00s /usr/bin/python /usr/bin/salt-ssh linux-01 -r w
同樣的方法可以把公鑰推送給linux-02
[root@linux-01 test]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@linux-02
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@linux-02's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@linux-02'"
and check to make sure that only the key(s) you wanted were added.
[root@linux-01 test]# salt-ssh '*' -r 'date'
linux-02:
----------
retcode:
0
stderr:
stdout:
2020年 05月 21日 星期四 00:47:27 CST
linux-01:
----------
retcode:
0
stderr:
stdout:
2020年 05月 21日 星期四 00:47:27 CST