saltstack搭建:
saltstack是一个基础设施管理工具,保持了输入输出,配置文件的一致性,所有文件均使用了YAML格式,主要负责配置管理和远程执行。
三大功能:
远程执行命令,配置管理,云管理
saltstack是一主多从结构。
server1为主,server3/4为从
首先下好依赖包,或者是在安装时一步一步解决依赖性,比较复杂。
[root@server1 salt]# ls
libyaml-0.1.3-4.el6.x86_64.rpm
pciutils-3.1.10-4.el6.x86_64.rpm
pciutils-libs-3.1.10-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-libcloud-0.20.0-1.el6.noarch.rpm
python-markupsafe-0.11-10.el6.x86_64.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
PyYAML-3.11-1.el6.x86_64.rpm
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
yum-3.2.29-60.el6.noarch.rpm
yum-utils-1.1.30-30.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm
[root@server2 salt]#
解决依赖性之后就可以安装.
安装master
[root@server1 salt]# ls |wc -l
31
[root@server1 salt]# yum install -y *
安装minion
安装minion要把和主相关的文件删除,不然minion无法启动。
[root@server3 salt]# ls |wc -l
27
[root@server3 salt]# yum install -y *
************
注意:所有修改必须添加两个空格,这是格式,不然会报错
修改master配置:
vim /etc/salt/master
修改接口interface为自己的IP
[root@server1 salt]# cat /etc/salt/master|grep ‘interface‘
# The address of the interface to bind to:
interface: 172.25.33.1
# the interface option must be adjusted, too. (For example: "interface: ‘::‘")
# The port used by the communication interface. The ret (return) port is the
# interface used for the file server, authentication, job returns, etc.
# The publisher interface ZeroMQPubServerChannel
# masters‘ syndic interfaces.
# The example below enables minion foo.example.com to get ‘network.interfaces‘ mine
# - network.interfaces
修改minion配置:
vim /etc/salt/minion
修改master为master 的IP
[root@server3 salt]# cat /etc/salt/minion|grep ‘^ master‘
master: 172.25.33.1285
#auto_accept: False 是否接受自动认证。
启动服务。启动主服务。
[root@server1 salt]# service salt-master start
Starting salt-master daemon: [ OK ]
启动minino服务
[root@server3 salt]# service salt-minion start
Starting salt-minion:root:server3.example.com daemon: OK
此时可可以在master 端查看到minion列表
[root@server1 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server3.example.com
Rejected Keys:
minion在第一次启动时会在/etc/salt/pki/minion(可以在/etc/salt/minion里设置。)生成key文件,在启动时将minion.pub发送给master
total 12
-rw-r--r-- 1 root root 450 Mar 13 11:09 minion_master.pub
-r-------- 1 root root 1674 Mar 13 10:59 minion.pem
-rw-r--r-- 1 root root 450 Mar 13 10:59 minion.pub
master在接受到minino的public key 后通过salt-key命令接受minion的public key,这样,就可以对minion发送指令了。
接受所有的key
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server3.example.com
Proceed? [n/Y] Y
Key for minion server3.example.com accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server3.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
-a :accept ,-A:accept-all,-d:delete,-D:delete-all。可以使用 salt-key 命令查看到已经签名的客户端
向Minion发送测试:
[root@server1 salt]# salt ‘*‘ test.ping
server3.example.com:
True
至此,简单的saltstack搭建已经完成。
saltstack master 启动后会默认监控4505和4506端口,4505是salt的消息发送端口。4506是master 和minion的通信端口。
[root@server3 salt]# netstat -antlp |grep 4505
tcp 0 0 172.25.33.3:42094 172.25.33.1:4505 ESTABLISHED 1485/python2.6
[root@server3 salt]# netstat -antlp |grep 4506
[root@server3 salt]#
[root@server1 salt]# netstat -antlp |grep 4505
tcp 0 0 172.25.33.1:4505 0.0.0.0:* LISTEN 1101/python2.6
tcp 0 0 172.25.33.1:4505 172.25.33.3:42094 ESTABLISHED 1101/python2.6
[root@server1 salt]# netstat -antlp |grep 4506
tcp 0 0 172.25.33.1:4506 0.0.0.0:* LISTEN 1108/python2.6
查看minion的磁盘使用情况:
[root@server1 salt]# salt ‘*‘ disk.usage
server3.example.com:
----------
/:
----------
1K-blocks:
19134332
available:
15249116
capacity:
17%
filesystem:
/dev/mapper/VolGroup-lv_root
used:
2913236
/boot:
----------
1K-blocks:
495844
available:
436777
capacity:
8%
filesystem:
/dev/vda1
used:
33467
/dev/shm:
----------
1K-blocks:
251136
available:
251120
capacity:
1%
filesystem:
tmpfs
used:
16
[root@server1 salt]#
查看minion的文件。
[root@server1 salt]# salt ‘*‘ cmd.run "cat /etc/passwd" //*是minion的id,可以在minion中的id项设定,同时支持正则匹配。
server3.example.com:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/no
在master配置文件中还可以对Minion进行分组:
1005 ##### Node Groups ######
1006 ##########################################
1007 # Node groups allow for logical groupings of minion nodes. A group cons ists of
1008 # a group name and a compound target. Nodgroups can reference other nod egroups
1009 # with ‘N@‘ classifier. Ensure that you do not have circular references .
1010 #
1011 #nodegroups:
1012 # group1: ‘L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domai n.com‘
1013 # group2: ‘G@os:Debian and foo.domain.com‘
1014 # group3: ‘G@os:Debian and N@group1‘
配置管理apache
[root@server1 salt]# vim /etc/salt/master
524 file_roots:
525 base:
526 - /srv/salt/
/srv/salt/目录在系统中并不存在,需要自己创建
[root@server1 salt]# mkdir /srv/salt
[root@server1 salt]# cd /srv/salt/
[root@server1 salt]# ls
[root@server1 salt]# vim /etc/salt/master
[root@server1 salt]# ls
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# vim top.sls
[root@server1 salt]# vim apache.sls
[root@server1 salt]# cat top.sls
base:
‘server3.example.com‘
-apache
[root@server1 salt]# cat apache.sls
apache-service:
pkg.instlled:
-names://如果是一个服务,可以使用,-name:httpd
-httpd
-httpd-devel
service running:
-name:httpd
-enable:Ture
[root@server1 salt]# service salt-master restart
Stopping salt-master daemon: [FAILED]//报错原因:格式错误,未留两个空格
Starting salt-master daemon: [ OK ]
执行命令:
[root@server1 salt]# salt ‘server3.example.com‘ state.highstate
server3.example.com:
----------
ID: states
Function: no.None
Result: False
Comment: No Top file or external nodes data matches found.
Changes:
Summary for server3.example.com
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
ERROR: Minions returned with non-zero exit code
[root@server1 salt]# tree /srv/salt/
/srv/salt/
├── apache.sls
└── top.sls
0 directories, 2 files
[root@server1 salt]# cat apache.sls
apache-service:
pkg.installed:
- name: httpd
service.running:
- name: httpd
- enable: True
[root@server1 salt]# cat top.sls
base:
‘*‘:
- apache
[root@server1 ~]# salt ‘server3.example.com‘ state.highstate
server3.example.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 17:20:56.277491
Duration: 10208.904 ms
Changes:
----------
httpd:
----------
new:
2.2.15-29.el6_4
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 17:21:06.493284
Duration: 322.954 ms
Changes:
----------
httpd:
True
Summary for server3.example.com
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 10.532 s
[root@server3 ~]# service httpd status
httpd (pid 2055) is running...
原文:http://12237658.blog.51cto.com/12227658/1908152