saltstacks簡介
saltstack是一個功能強大的自動化運維軟件。
有三種模式
1)本地模式(local),不需要啓動進程,只要配置文件就可以寫出來
2)master minion 模式
3)代理模式(syndic)
4)ssh模式
我們本次主要使用的是master minion模式
master –> minion 模式:
master默認—->監聽本地所有網絡接口
長連接
發佈訂閱系統:4505端口
minion端只做訂閱(pub推送、sub接收)
4506端口:專門用於接收minion端的返回值
saltstack工具的簡單使用:
1.yum倉庫的搭建:
vim /etc/yum.repos.d/rhel-source.repo [rhel6.5]
name=Red Hat
baseurl=http://172.25.254.40/rhel6.5
gpgcheck=0
[salt]
name=salt
baseurl=ftp://172.25.254.250/pub/docs/saltstack/rhel6
gpgcheck=0yum倉庫中新增加的文件有
PyYAML-3.11-1.el6.x86_64.rpm
libyaml-0.1.3-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-crypto-debuginfo-2.6.1-3.el6.x86_64.rpm
python-enum34-1.0-4.el6.noarch.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-impacket-0.9.14-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-setproctitle-1.1.7-2.el6.x86_64.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
repodata
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm隨後在幾個主機之間做好解析
vim /etc/hosts
4 172.25.254.143 server2
5 172.25.254.145 server3
6 172.25.254.146 server5在兩個minion端
安裝minion
yum install salt-minion -y修改配置文件
vim /etc/salt/master
16 master: server2 #修改爲master主機名開啓服務
/etc/init.d/salt-minion start master端
修改配置文件如下
vim /etc/salt/master
534 file_roots:
535 base:
536 - /srv/saltsalt '*' test.ping #查看並發現minion主機
salt-key -A #添加認證
salt-key -L #查看已經認證的minion主機Accepted Keys:
server3
server5
Denied Keys:
Unaccepted Keys:
Rejected Keys:校驗碼的查看(判別文件是否更改)
cd /etc/salt/pki/master/
md5sum master.pub6320641fbe72d9f9b4fc43cef7cd33da master.pubcd
md5sum minion/minion_master.pub 6320641fbe72d9f9b4fc43cef7cd33da minion/minion_master.pub
相互交換公鑰用來做加密解密
使用YAML語言來編寫運維腳本
實例:apache的安裝腳本
httpd:
pkg.installed
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- group: root
- require:
- pkg: httpd
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf安裝檢測:
salt server3 state.sls httpd.apache 實例:nginx的安裝腳本:
nginx-install:
user.present:
- name: nginx
- uid: 800
- shell: /sbin/nologin
- createhome: False
- home: /usr/local/nginx
pkg.installed:
- pkgs:
- gcc
- openssl-devel
- pcre-devel
file.managed:
- name: /mnt/nginx-1.12.0.tar.gz
- source: salt://nginx/files/nginx-1.12.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module && make && make install
- creates: /usr/local/nginx
- require:
- pkg: nginx-install
- file: nginx-install
- user: nginx-install安裝檢測:
salt server3 state.sls nginx.install