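SaltStack's underlying network layer is implemented with ZeroMQ. The SaltStack project was originally designed as a fast remote execution system; new features were added over the course of development, and it gradually became the Salt of today.
Roles:
master: the central control system
minion: the managed client
Install the SaltStack repository and key: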
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
On salt-master, install salt-master:
yum install -y salt-master
systemctl start salt-master
systemctl enable salt-master
On salt-minion, install salt-minion:
yum install -y salt-minion
On salt-minion, set the master's IP address:
vim /etc/salt/minion
master: 192.168.200.105
Start the service:
systemctl start salt-minion
systemctl enable salt-minion
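On first start, salt-master and salt-minion each generate a public and private key pair: /etc/salt/pki/master/master.pem and master.pub, and /etc/salt/pki/minion/minion.pub and minion.pem.
salt-minion also sends its public key to salt-master. Once the key has been approved, salt-minion receives salt-master's public key.
salt-master listens on ports 4505 and 4506 by default. Port 4505 is used to send remote execution commands; port 4506 handles authentication, the file server, result collection, and similar functions.
ss -ntlu | egrep '(4505|4506)'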
tcp LISTEN 0 128 *:4505 *:*
tcp LISTEN 0 128 *:4506 *:*
List the keys sent by the minions:
salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
a4.a.com
a6.a.com
Rejected Keys:
Accept the keys:
salt-key -a '*.a.com'
The following keys are going to be accepted:
Unaccepted Keys:
a4.a.com
a6.a.com
Proceed? [n/Y] Y
Key for minion a4.a.com accepted.
Key for minion a6.a.com accepted.
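The glob above accepts every pending key matching *.a.com without checking whose key it is. The following added example (not part of the original post) accepts only keys whose fingerprint matches an inventory collected out of band; the inventory file format, the file names and the classify_pending helper are assumptions, and the sample fingerprints are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): gate key acceptance on fingerprints.
# Inventory file (assumed format): "<minion-id> <fingerprint>" per line, collected
# out of band by running `salt-call --local key.finger` on each minion.
# Fingerprint file: saved output of `salt-key -F --no-color` on the master.

# classify_pending MODE INVENTORY FINGERPRINTS
#   MODE=ok      -> pending IDs whose fingerprint matches the inventory
#   MODE=suspect -> pending IDs that are unknown or whose fingerprint differs
classify_pending() {
    awk -v mode="$1" '
        FILENAME == ARGV[1] { trusted[$1] = tolower($2); next }
        /^[A-Za-z]+ Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
        pending && NF == 2 {
            id = $1; sub(/:$/, "", id)
            match_ok = (id in trusted) && (trusted[id] == tolower($2))
            if ((mode == "ok") == match_ok) print id
        }
    ' "$2" "$3"
}

# Constructed sample data (fingerprints shortened for readability).
demo_dir=$(mktemp -d)
cat > "$demo_dir/inventory.txt" <<'EOF'
a4.a.com 3a:7f:10:c2:9e:44:b1:05
a6.a.com 5d:02:e8:91:6b:f3:27:ac
EOF
cat > "$demo_dir/finger.txt" <<'EOF'
Local Keys:
master.pub:  99:aa:bb:cc:dd:ee:ff:00
Unaccepted Keys:
a4.a.com:  3a:7f:10:c2:9e:44:b1:05
a6.a.com:  de:ad:be:ef:00:11:22:33
a9.a.com:  5d:02:e8:91:6b:f3:27:ac
EOF

echo "safe to accept:"
classify_pending ok "$demo_dir/inventory.txt" "$demo_dir/finger.txt"
echo "investigate before accepting:"
classify_pending suspect "$demo_dir/inventory.txt" "$demo_dir/finger.txt"
# On a real master, accept only the verified IDs:
#   salt-key -F --no-color > finger.txt
#   classify_pending ok inventory.txt finger.txt | xargs -r -n1 salt-key -y -a
```

In the sample, a6.a.com presents a fingerprint that differs from the inventory and a9.a.com is an unknown ID reusing another host's key, so only a4.a.com is listed as safe to accept.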
Remote command execution with salt:
Check whether the remote hosts are alive:
salt '*' test.ping
a4.a.com:
    True
a6.a.com:
    True
The '*' wildcard matches all minion hosts (? matches any single character); test is the module and ping is a function of that module.
salt '*' cmd.run 'w'
a6.a.com:
    13:27:18 up 7 min, 1 user, load average: 0.11, 0.35, 0.22
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    root pts/0 192.168.200.1 13:21 2:14 0.07s 0.07s -bash
a4.a.com:
    13:27:18 up 7 min, 1 user, load average: 0.05, 0.27, 0.18
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    root pts/0 192.168.200.1 13:21 2:22 0.06s 0.06s -bash
Installing packages
On salt-master, uncomment lines 611-613:
vim /etc/salt/master
611 file_roots:
612   base:
613     - /srv/salt
mkdir -p /srv/salt
systemctl restart salt-master
vim /srv/salt/apache.sls (the format is strict; do not use the TAB key)
apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
Run:
salt '*' state.sls apache
a6.a.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 13:30:06.243921
    Duration: 81453.566 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-67.el7.centos.6
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-67.el7.centos.6
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 13:31:27.736835
    Duration: 24587.565 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
              cyrus-sasl-lib:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
                      2.1.26-20.el7_2
              cyrus-sasl-plain:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
                      2.1.26-20.el7_2
              expat:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
                      2.1.0-8.el7
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-67.el7.centos.6
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-21.el7_4
                  old:
                      5.3.21-19.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-21.el7_4
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-21.el7_4
                  old:
                      5.3.21-19.el7
              openldap:
                  ----------
                  new:
                      2.4.44-5.el7
                  old:
                      2.4.40-13.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-5.el7
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 13:31:54.055923
    Duration: 8215.715 ms
     Changes:
              ----------
              httpd:
                  True

Summary for a6.a.com
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time: 114.257 s
a4.a.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 13:30:06.206829
    Duration: 97351.205 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-67.el7.centos.6
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-67.el7.centos.6
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 13:31:43.609145
    Duration: 25883.118 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
              cyrus-sasl-lib:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
                      2.1.26-20.el7_2
              cyrus-sasl-plain:
                  ----------
                  new:
                      2.1.26-21.el7
                  old:
                      2.1.26-20.el7_2
              expat:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
                      2.1.0-8.el7
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-67.el7.centos.6
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-21.el7_4
                  old:
                      5.3.21-19.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-21.el7_4
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-21.el7_4
                  old:
                      5.3.21-19.el7
              openldap:
                  ----------
                  new:
                      2.4.44-5.el7
                  old:
                      2.4.40-13.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-5.el7
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 13:32:11.081391
    Duration: 6256.779 ms
     Changes:
              ----------
              httpd:
                  True

Summary for a4.a.com
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time: 129.491 s
Query the version of an installed package:
salt 'a4.a.com' pkg.version 'httpd'
a4.a.com:
2.4.6-67.el7.centos.6
Remove an installed package:
salt 'a4.a.com' pkg.remove 'httpd'
a4.a.com:
    ----------
    httpd:
        ----------
        new:
        old:
            2.4.6-67.el7.centos.6
    httpd-devel:
        ----------
        new:
        old:
            2.4.6-67.el7.centos.6
SaltStack state management:
vim /srv/salt/top.sls
base:
  '*':
    - apache
Run:
salt '*' state.highstate
a4.a.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 13:34:53.326319
    Duration: 1044.654 ms
     Changes:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 13:34:54.371290
    Duration: 0.772 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 13:34:54.373002
    Duration: 41.928 ms
     Changes:

Summary for a4.a.com
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3
Total run time:   1.087 s
a6.a.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 13:34:53.335898
    Duration: 1028.702 ms
     Changes:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 13:34:54.364850
    Duration: 0.754 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 13:34:54.366478
    Duration: 64.824 ms
     Changes:

Summary for a6.a.com
------------
Succeeded: 3
Failed:    0
------------
Total states run:     3
Total run time:   1.094 s