码迷,mamicode.com
首页 > 其他好文 > 详细

SaltStack 自动化运维实战

时间:2020-03-09 11:51:12      阅读:88      评论:0      收藏:0      [点我收藏+]

标签:ada   rom   pass   service   slice   sudo   onstop   ddr   XSA   

最新版实战 Latest release: 3000 (February 10, 2020)

参考saltStack官方文档
ON THE SALT MASTER
Run these commands on the system that you want to use as the central management point.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M
Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.

ON EACH SALT MINION
Run these commands on each system that you want to manage using Salt.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P

实战配置服务器如下

master    192.168.0.120  centos120 
node1     192.168.0.121  centos121
node2      192.168.0.122  centos122

以上三台服务均关闭selinux ,firewalld,设置/etc/hosts ,也就是它们可以hostname相互访问,且可以访问互联网,这些简单操作就不在这里展示步骤了。

1.下面开始安装
在master 端

[root@centos120 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  283k  100  283k    0     0  51683      0  0:00:05  0:00:05 --:--:-- 70732

[root@centos120 ~]# ll install_salt.sh 
-rw-r--r-- 1 root root 290571 Mar  8 13:09 install_salt.sh
[root@centos120 ~]# 

[root@centos120 ~]# sh install_salt.sh -P -M
 *  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: ‘install_salt.sh -P -M‘

 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6

 *  INFO: Installing minion
 *  INFO: Installing master
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()

.......

Installed:
  salt-master.noarch 0:3000-1.el7        salt-minion.noarch 0:3000-1.el7       

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7                                               
  libtomcrypt.x86_64 0:1.17-26.el7                                              
  libtommath.x86_64 0:0.42.0-6.el7                                              
  openpgm.x86_64 0:5.2.122-2.el7                                                
  python-babel.noarch 0:0.9.6-8.el7                                             
  python-backports_abc.noarch 0:0.5-11.el7                                      
  python-jinja2.noarch 0:2.7.2-4.el7                                            
  python-markupsafe.x86_64 0:0.11-10.el7                                        
  python-requests.noarch 0:2.6.0-8.el7_7                                        
  python-singledispatch.noarch 0:3.4.0.3-16.el7                                 
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urllib3.noarch 0:1.10.2-7.el7                                          
  python-zmq.x86_64 0:15.3.0-3.el7                                              
  python2-crypto.x86_64 0:2.6.1-16.el7                                          
  python2-futures.noarch 0:3.1.1-5.el7                                          
  python2-msgpack.x86_64 0:0.6.2-2.el7                                          
  python2-psutil.x86_64 0:5.6.7-1.el7                                           
  salt.noarch 0:3000-1.el7                                                      
  systemd-python.x86_64 0:219-67.el7_7.3                                        
  zeromq.x86_64 0:4.1.4-7.el7                                                   

Dependency Updated:
  python-setuptools.noarch 0:36.6.0-2.ius.el7                                   
  systemd.x86_64 0:219-67.el7_7.3                                               
  systemd-libs.x86_64 0:219-67.el7_7.3                                          
  systemd-sysv.x86_64 0:219-67.el7_7.3                                          

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos120 ~]# 

从上面可以知道其安装了那些包,到此处master 端安装成功,也就是管理节点。

  1. 下面开始安装minion节点,也就是需要管理的节点(在生产环境中,如web服务节点,数据库节点,存储节点,这些需要批量发布代码,配置等等服务器)
[root@centos121 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh

[root@centos121 ~]# ll  install_salt.sh
-rw-r--r-- 1 root root 290571 Mar  8 13:13 install_salt.sh
[root@centos121 ~]# 

[root@centos121 ~]# sh install_salt.sh -P
*  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: ‘install_salt.sh -P‘

 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6

 *  INFO: Installing minion
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()
 .............
 Installed:
  salt-minion.noarch 0:3000-1.el7                                               

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7                                               
  libtomcrypt.x86_64 0:1.17-26.el7                                              
  libtommath.x86_64 0:0.42.0-6.el7                                              
  openpgm.x86_64 0:5.2.122-2.el7                                                
  python-babel.noarch 0:0.9.6-8.el7                                             
  python-backports.x86_64 0:1.0-8.el7                                           
  python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7                    
  python-backports_abc.noarch 0:0.5-11.el7                                      
  python-ipaddress.noarch 0:1.0.16-2.el7                                        
  python-jinja2.noarch 0:2.7.2-4.el7                                            
  python-markupsafe.x86_64 0:0.11-10.el7                                        
  python-requests.noarch 0:2.6.0-8.el7_7                                        
  python-setuptools.noarch 0:36.6.0-2.ius.el7                                   
  python-singledispatch.noarch 0:3.4.0.3-16.el7                                 
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urllib3.noarch 0:1.10.2-7.el7                                          
  python-zmq.x86_64 0:15.3.0-3.el7                                              
  python2-crypto.x86_64 0:2.6.1-16.el7                                          
  python2-futures.noarch 0:3.1.1-5.el7                                          
  python2-msgpack.x86_64 0:0.6.2-2.el7                                          
  python2-psutil.x86_64 0:5.6.7-1.el7                                           
  salt.noarch 0:3000-1.el7                                                      
  systemd-python.x86_64 0:219-67.el7_7.3                                        
  zeromq.x86_64 0:4.1.4-7.el7                                                   

Dependency Updated:
  systemd.x86_64 0:219-67.el7_7.3        systemd-libs.x86_64 0:219-67.el7_7.3  
  systemd-sysv.x86_64 0:219-67.el7_7.3  

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos121 ~]# 

同理centos122节点minion,到此处minion 端安装完成。

3.下面开始配置
配置之前需要了解的知识点:

saltstack简单介绍
Saltstack是一种全新的基础设施管理方式,是一个服务器基础架构集中化管理平台,几分钟内便可运行起来,速度够快,服务器之间秒级通讯,扩展性好,很容易批量管理上万台服务器,显著降低人力与运维成本;它具备配置管理、远程执行、监控等功能,一般可以理解为简化版的puppet和加强版的func;通过部署SaltStack环境,可以在成千上万台服务器上做到批量执行命令,根据不同业务特性进行配置集中化管理、分发文件、采集服务器数据、操作系统基础及软件包管理等,SaltStack是运维人员提高工作效率、规范业务配置与操作的利器。SaltStack基于Python语言实现,结合轻量级消息队列(ZeroMQ)(SaltStack的通信模式总共分为2种模式:ZeroMQ、REAT,鉴于REAT目前还不是太稳定,通常会选择ZeroMQ模式)与Python第三方模块(Pyzmq、PyCrypto、Pyjinjia2、python-msgpack和PyYAML等)构建。

Saltstack运行模式:

Local:本地,一台机器玩,不建议。

Master/Minion:通过server/agent的方式进行管理,效率很高(批量管理1000台机器,25秒搞定)。

Salt SSH:通过SSH方式进行管理,效率相对来说比较低(批量管理1000台机器,83秒搞定)。

Saltstack三大功能:

远程执行(执行远程命令)

配置管理(状态管理)

云管理

Saltstack特征:
1)部署简单、方便;
2)支持大部分UNIX/Linux及Windows环境;
3)主从集中化管理;
4)配置简单、功能强大、扩展性强;
5)主控端(master)和被控端(minion)基于证书认证,安全可靠;
6)支持API及自定义模块,可通过Python轻松扩展。

技术图片

Master与Minion认证:
1)minion在第一次启动时,会在/etc/salt/pki/minion/(该路径在/etc/salt/minion里面设置)下自动生成minion.pem(private key)和 minion.pub(public key),然后将 minion.pub发送给master。

2)master在接收到minion的public key后,通过salt-key命令accept minion public key,这样在master的/etc/salt/pki/master/minions下的将会存放以minion id命名的 public key,然后master就能对minion发送指令了。

Master与Minion的连接:
1)SaltStack master启动后默认监听4505和4506两个端口。4505(publish_port)为saltstack的消息发布系统,4506(ret_port)为saltstack客户端与服务端通信的端口。如果使用lsof 查看4505端口,会发现所有的minion在4505端口持续保持在ESTABLISHED状态。

技术图片

2)minion与master之间的通信模式如下:

技术图片

现在开始配置,

先查看服务端安装了那些文件:

[root@centos120 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:13 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:13 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos120 ~]# 

minion 端安装了什么文件

[root@centos121 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:45 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:45 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos121 ~]# 

配置主控端:

[root@centos120 salt]# cp -p master master.bk.20200308
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308 
15c15
< interface: 192.168.0.120
---
> #interface: 0.0.0.0
[root@centos120 salt]# 

配置minion端,一共有3个minion:

[root@centos120 salt]# cp -p minion minion.bk.20200308
[root@centos120 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos120 salt]# 

[root@centos121 salt]# cp -p minion minion.bk.20200308
[root@centos121 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos121 salt]# 
[root@centos122 salt]# cp -p minion minion.bk.20200308
[root@centos122 salt]# diff minion minion.bk.20200308 
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos122 salt]# 

启动master端 服务:

[root@centos120 salt]# systemctl start salt-master
[root@centos120 salt]# systemctl status  salt-master
● salt-master.service - The Salt Master Server
   Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 13:13:55 CST; 1h 3min ago
     Docs: man:salt-master(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 8295 (salt-master)
   CGroup: /system.slice/salt-master.service
           ├─8295 /usr/bin/python /usr/bin/salt-master
           ├─8302 /usr/bin/python /usr/bin/salt-master
           ├─8321 /usr/bin/python /usr/bin/salt-master
           ├─8323 /usr/bin/python /usr/bin/salt-master
           ├─8326 /usr/bin/python /usr/bin/salt-master
           ├─8327 /usr/bin/python /usr/bin/salt-master
           ├─8328 /usr/bin/python /usr/bin/salt-master
           ├─8329 /usr/bin/python /usr/bin/salt-master
           ├─8330 /usr/bin/python /usr/bin/salt-master
           ├─8331 /usr/bin/python /usr/bin/salt-master
           ├─8332 /usr/bin/python /usr/bin/salt-master
           ├─8340 /usr/bin/python /usr/bin/salt-master
           └─8342 /usr/bin/python /usr/bin/salt-master

Mar 08 13:13:53 centos120 systemd[1]: Starting The Salt Master Server...
Mar 08 13:13:54 centos120 salt-master[8295]: /usr/lib/python2.7/site-packages/salt/scripts.py:109: DeprecationWarni...ater.
Mar 08 13:13:55 centos120 systemd[1]: Started The Salt Master Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos120 salt]#

[root@centos120 salt]# netstat -antupl | grep python
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      8321/python         
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      8328/python         
[root@centos120 salt]# 

[root@centos120 salt]# ps -ef | grep  salt
root       8295      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8302   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8321   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8322      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8323   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8326   8295  0 13:13 ?        00:00:12 /usr/bin/python /usr/bin/salt-master
root       8327   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8328   8327  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8329   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8330   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8331   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8332   8295  0 13:13 ?        00:00:08 /usr/bin/python /usr/bin/salt-master
root       8340   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8342   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8365   8322  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-minion
root       8371   8365  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      14012   7302  0 14:31 pts/0    00:00:00 grep --color=auto salt
[root@centos120 salt]# 

启动minion端 服务:

[root@centos122 salt]# systemctl start salt-minion
[root@centos122 salt]# systemctl status  salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 14:00:46 CST; 27min ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 7563 (salt-minion)
   CGroup: /system.slice/salt-minion.service
           ├─7563 /usr/bin/python /usr/bin/salt-minion
           ├─7567 /usr/bin/python /usr/bin/salt-minion
           └─7573 /usr/bin/python /usr/bin/salt-minion

Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of ‘salt‘ failed.
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: ‘salt‘ not found or not responsive. Retryi...conds
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of ‘salt‘ failed.
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: ‘salt‘ not found or not responsive. Retryi...conds
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of ‘salt‘ failed.
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: ‘salt‘ not found or not responsive. Retryi...conds
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of ‘salt‘ failed.
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: ‘salt‘ not found or not responsive. Retryi...conds
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of ‘salt‘ failed.
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: ‘salt‘ not found or not responsive. Retryi...conds
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos122 salt]# ll

[root@centos122 salt]# ps -ef | grep  salt
root       7563      1  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7567   7563  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7573   7567  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8968   7030  0 14:29 pts/0    00:00:00 grep --color=auto salt
[root@centos122 salt]# 

同理centos120 ,centos121一样启动。

  1. 开始配置认证:
    重启所有服务:
[root@centos120 salt]# sytemctl restart salt-master 
[root@centos120 salt]# systemctl restart salt-minion
[root@centos121 salt]# systemctl restart salt-minion
[root@centos122 salt]# systemctl restart salt-minion

salt-minion 启动后,会自动向salt-master 发送公钥,

所以只要在salt-master 接受一下就可以

开始接受所有salt-minion公钥:

[root@centos120 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos120
centos121
centos122
Proceed? [n/Y] Y
Key for minion centos120 accepted.
Key for minion centos121 accepted.
Key for minion centos122 accepted.
[root@centos120 salt]# 

查看salt-minion端接受到的公钥:

[root@centos120 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1674 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub
[root@centos120 salt]# ll /etc/salt/pki/master/
total 8
-r-------- 1 root root 1678 Mar  8 13:13 master.pem
-rw-r--r-- 1 root root  450 Mar  8 13:13 master.pub
drwxr-xr-x 2 root root   57 Mar  8 14:45 minions
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_autosign
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_denied
drwxr-xr-x 2 root root    6 Mar  8 14:45 minions_pre
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_rejected
[root@centos120 salt]# cat /etc/salt/pki/minion/minion_master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTwWyV0gi7yFKKBt2tiS
thOEu6v1kn4OKM1TEcdIz7XzNUUS+ve/Jz51dH2X2ykW3lLkJqzM7AXunlWH0E5n
9vAzckMtXgjQ8/JrbRbIjDNiEAFqrJDMwDb5Zl4KUJUHZJW6LaT2WR5S9iCRNR+w
lK9SIpvCcBgfboUNt6u2ttIc4CW5UeIS7w6DGlrXv+9sD6djmjiWrmEjKJt0o9vR
myyJOQ3gXC9o/rv4HCmhJwSpqkDb93d4zs4M7jFssY2jfRKzY9paId/dgtkMcT1J
/J801mZv1DNV0mXZjEk8CqGFziO+8/UOFs/9yu1L3gDOQoysR5eAqOmTQN2pKgxL
FwIDAQAB
-----END PUBLIC KEY-----
[root@centos120 salt]#

查看生成的key:

[root@centos121 minion]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:41 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:41 minion.pub
[root@centos121 minion]# 
[root@centos121 minion]# 
[root@centos121 minion]# ll /etc/salt/pki/master/
total 0
[root@centos121 minion]# 

[root@centos122 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub

[root@centos122 salt]# ll /etc/salt/pki/master/
total 0
[root@centos122 salt]# 

salt-master 和 salt-minion 证书认证配置到此完成。

  1. 测试批量处理
    远程执行命令:
[root@centos120 salt]# salt ‘centos121‘ test.ping
centos121:
    True
[root@centos120 salt]# salt ‘*‘ test.ping
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 salt]# 

[root@centos120 salt]# salt ‘centos121‘ cmd.run ‘df -h‘
centos121:
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  1.5G   16G   9% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M   40K  487M   1% /dev/shm
    tmpfs                    487M  7.7M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sdb2                105M  8.0M   97M   8% /gluster/brick2
    /dev/sda1               1014M  146M  869M  15% /boot
    /dev/sdb1                 92M  7.2M   85M   8% /gluster/brick1
    tmpfs                     98M     0   98M   0% /run/user/0

[root@centos120 salt]# salt ‘centos121‘ cmd.run ‘w‘
centos121:
     14:52:54 up  1:45,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    3:10   0.10s  0.10s -bash
[root@centos120 salt]# 

远程指定多台server :

[root@centos120 salt]# salt -L ‘centos120, centos121‘ cmd.run ‘hostname‘
centos121:
    centos121
centos120:
    centos120
[root@centos120 salt]# 
  1. salt组件介绍

saltstack之grains介绍:
GRAINS 组件是saltstack中非常重要的一个组件,其主要用于记录Minion的一些静态信息,如比:CPU、内存、磁盘、网络等。grains信息是每次客户端启动后自动上报给master的,一旦这些静态信息发生改变需要重启minion 或者 重新同步下 grains。

grains 是在minion启动收集到的一些信息,比如操作系统的类型,网卡IP,内存版本,CPU信息等。

[root@centos120 salt]# salt -L ‘centos121‘ grains.ls
centos121:
    - SSDs
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - cwd
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - fqdns
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - swap_total
    - systemd
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion
[root@centos120 salt]# 

查看items:

[root@centos120 salt]# salt -L ‘centos121‘ grains.items
centos121:
    ----------
    SSDs:
    biosreleasedate:
        07/02/2015
    biosversion:
        6.00
    cpu_flags:
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
        - mce
        - cx8
        - apic
        - sep
        - mtrr
        - pge
        - mca
        - cmov
        - pat
        - pse36
        - clflush
        - dts
        - mmx
        - fxsr
        - sse
        - sse2
        - ss
        - ht
        - syscall
        - nx
        - pdpe1gb
        - rdtscp
        - lm
        - constant_tsc
        - arch_perfmon
        - pebs
        - bts
        - nopl
        - xtopology
        - tsc_reliable
        - nonstop_tsc
        - aperfmperf
        - eagerfpu
        - pni
        - pclmulqdq
        - vmx
        - ssse3
        - fma
        - cx16
        - pcid
        - sse4_1
        - sse4_2
        - x2apic
        - movbe
        - popcnt
        - tsc_deadline_timer
        - aes
        - xsave
        - avx
        - f16c
        - rdrand
        - hypervisor
        - lahf_lm
        - abm
        - 3dnowprefetch
        - epb
        - tpr_shadow
        - vnmi
        - ept
        - vpid
        - fsgsbase
        - tsc_adjust
        - bmi1
        - avx2
        - smep
        - bmi2
        - invpcid
        - rdseed
        - adx
        - smap
        - xsaveopt
        - dtherm
        - ida
        - arat
        - pln
        - pts
        - hwp
        - hwp_notify
        - hwp_act_window
        - hwp_epp
    cpu_model:
        Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
    cpuarch:
        x86_64
    cwd:
        /
    disks:
        - sda
        - sdb
        - sr0
        - dm-0
        - dm-1
    dns:
        ----------
        domain:
        ip4_nameservers:
            - 192.168.0.1
            - 192.168.1.1
        ip6_nameservers:
        nameservers:
            - 192.168.0.1
            - 192.168.1.1
        options:
        search:
            - DHCP
            - HOST
        sortlist:
    domain:
    fqdn:
        centos121
    fqdn_ip4:
        - 192.168.0.121
    fqdn_ip6:
        - fe80::4eff:a5b2:4d5b:ae08
        - fe80::2f47:1e27:f7e1:ea88
    fqdns:
    gid:
        0
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              vmware
    groupname:
        root
    host:
        centos121
    hwaddr_interfaces:
        ----------
        ens33:
            00:0c:29:51:46:50
        ens37:
            00:0c:29:51:46:5a
        lo:
            00:00:00:00:00:00
    id:
        centos121
    init:
        systemd
    ip4_gw:
        192.168.0.1
    ip4_interfaces:
        ----------
        ens33:
            - 192.168.0.121
        ens37:
            - 192.168.0.102
        lo:
            - 127.0.0.1
    ip6_gw:
        False
    ip6_interfaces:
        ----------
        ens33:
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - ::1
    ip_gw:
        True
    ip_interfaces:
        ----------
        ens33:
            - 192.168.0.121
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - 192.168.0.102
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - 127.0.0.1
            - ::1
    ipv4:
        - 127.0.0.1
        - 192.168.0.102
        - 192.168.0.121
    ipv6:
        - ::1
        - fe80::2f47:1e27:f7e1:ea88
        - fe80::4eff:a5b2:4d5b:ae08
    kernel:
        Linux
    kernelrelease:
        3.10.0-957.el7.x86_64
    kernelversion:
        #1 SMP Thu Nov 8 23:39:32 UTC 2018
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            en_US
        detectedencoding:
            UTF-8
        timezone:
            unknown
    localhost:
        centos121
    lsb_distrib_codename:
        CentOS Linux 7 (Core)
    lsb_distrib_id:
        CentOS Linux
    machine_id:
        25f97b4fbbea4c2a8e8940747c895695
    manufacturer:
        VMware, Inc.
    master:
        192.168.0.120
    mdadm:
    mem_total:
        972
    nodename:
        centos121
    num_cpus:
        8
    num_gpus:
        1
    os:
        CentOS
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        CentOS Linux 7 (Core)
    osfinger:
        CentOS Linux-7
    osfullname:
        CentOS Linux
    osmajorrelease:
        7
    osrelease:
        7.6.1810
    osrelease_info:
        - 7
        - 6
        - 1810
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    pid:
        9033
    productname:
        VMware Virtual Platform
    ps:
        ps -efHww
    pythonexecutable:
        /usr/bin/python
    pythonpath:
        - /usr/bin
        - /usr/lib64/python27.zip
        - /usr/lib64/python2.7
        - /usr/lib64/python2.7/plat-linux2
        - /usr/lib64/python2.7/lib-tk
        - /usr/lib64/python2.7/lib-old
        - /usr/lib64/python2.7/lib-dynload
        - /usr/lib64/python2.7/site-packages
        - /usr/lib/python2.7/site-packages
    pythonversion:
        - 2
        - 7
        - 5
        - final
        - 0
    saltpath:
        /usr/lib/python2.7/site-packages/salt
    saltversion:
        3000
    saltversioninfo:
        - 3000
        - None
        - None
        - 0
    selinux:
        ----------
        enabled:
            False
        enforced:
            Disabled
    serialnumber:
        VMware-56 4d f8 fe ac f0 e1 1a-34 0a 67 d6 1b 51 46 50
    server_id:
        1110840923
    shell:
        /bin/sh
    swap_total:
        2047
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
        version:
            219
    uid:
        0
    username:
        root
    uuid:
        fef84d56-f0ac-1ae1-340a-67d61b514650
    virtual:
        VMware
    zfs_feature_flags:
        False
    zfs_support:
        False
    zmqversion:
        4.1.4
[root@centos120 salt]# 
  1. 启动grains的信息并不是动态的,并不会时时变更,它只是在minion启动时收集到的,我们可以根据grains收集到的一些信息,做配置管理工作,可以支持自定义一些监控项。
[root@centos121 minion]# vi /etc/salt/grains 
[root@centos121 minion]# cat /etc/salt/grains
role: web1_server
env: test
myname: web1
myhostname: web1.com
[root@centos121 minion]#

然后重启minion

7.1 查看刚刚自定义的值
8.

[root@centos120 salt]# salt -L ‘centos121‘ grains.items | egrep -A 1  ‘role|env|myname|myhostname‘
    env:
        test
--
    myhostname:
        web1.com
    myname:
        web1
--
    role:
        web1_server
[root@centos120 salt]# 

7.2 单独查看item:

[root@centos120 salt]# salt -L ‘centos121‘ grains.item env
centos121:
    ----------
    env:
        test
[root@centos120 salt]# 

7.3 我们可以借助grains的一些属性信息来执行一些命令:

[root@centos120 salt]# salt -G env:test cmd.run ‘w‘
centos121:
     15:06:41 up  1:59,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    5:45   0.14s  0.14s -bash
[root@centos120 salt]# 
  1. saltstack之pillar介绍:
    grains用于存储静态不易变更的数据,而pillar一般用来存储动态的、敏感的数据;通过minion端和master端都可以配置设置或获取grains信息,而pillar信息只能在master端配置,再到minion端执行。
    pillar和grains不一样,是在master上定义的,并且是针对minion定义的一些信息,可以自定义变量等

自定义配置pillar过程:

8.1 在master 端centos120上配置pillar :
找到pillar_roots 这项,取消下面三行的注释

[root@centos120 salt]# cp -p master master.bk.20200308-2
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-2
837,839c837,839
<  pillar_roots:
<    base:
<      - /srv/pillar
---
> #pillar_roots:  
# base:
> #    - /srv/pillar

创建pillar文件的存放目录:

[root@centos120 salt]#  mkdir -p /srv/pillar
[root@centos120 salt]#  cd !$
 cd /srv/pillar
[root@centos120 pillar]# 

创建配置文件,编辑如下内容:

[root@centos120 pillar]# vi httpd.sls
[root@centos120 pillar]# cat httpd.sls 
conf: /etc/httpd/conf/httpd.conf
servername: web1.com

注意冒号后有空格

创建编写入口配置文件 即top.sls文件

[root@centos120 pillar]# pwd
/srv/pillar
[root@centos120 pillar]# vi top.sls
[root@centos120 pillar]# cat top.sls 
base:
  ‘centos121‘:
    - httpd
[root@centos120 pillar]# 

注意- 后有空格

重启salt-master 服务

[root@centos120 pillar]# systemctl restart salt-master
[root@centos120 pillar]# 

可以通过刷新来获取新的状态

[root@centos120 pillar]# salt ‘*‘ saltutil.refresh_pillar
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 pillar]# 

查看

[root@centos120 pillar]# salt ‘*‘ pillar.items
centos120:
    ----------
centos121:
    ----------
    conf:
        /etc/httpd/conf/httpd.conf
    servername:
        web1.com
centos122:
    ----------
[root@centos120 pillar]# 

9 .Saltstack 配置管理服务
1、配置安装apache

取消下面三行注释,注意空格

[root@centos120 salt]# cp -p master master.bk.20200308-3
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-3
657,659c657,659
< file_roots:
<   base:
<     - /srv/salt/
---
> # file_roots:
> #   base:
> #     - /srv/salt/
[root@centos120 salt]# 

创建配置文件存储目录 并创建入口文件

[root@centos120 ~]# mkdir /srv/salt
[root@centos120 ~]# cd !$
cd /srv/salt
[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  ‘centos121‘:
     - apache
[root@centos120 salt]# 

重启服务:

[root@centos120 salt]# !syste
systemctl restart salt-master
[root@centos120 salt]# 

创建编写apache模块的配置文件

[root@centos120 salt]# vi apache.sls
[root@centos120 salt]# cat apache.sls 
apache-service:
  pkg.installed:
    - names:
        -httpd
        -httpd-devel
  service.running:
    - name: httpd
    - enable: True

[root@centos120 salt]# 

注意:行对齐 -有空格
apache-service是ID的名称,自定义的。pkg.installed为包安装函数,下面是要安装的包的名字。service.running也是一个函数,来保证指定的服务启动,enable表示开机启动。

配置好文件,执行

[root@centos120 salt]# salt ‘centos121‘ state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 18:43:58.483864
    Duration: 18618.516 ms
     Changes:   
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 18:44:17.118830
    Duration: 7455.336 ms
     Changes:   
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              openldap:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
                      2.4.44-20.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 18:44:24.583323
    Duration: 211.858 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for centos121
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time:  26.286 s
[root@centos120 salt]# 

从上述结果可以知道,可以成功执行

查看被执行的minion上的httpd的确被安装,启动和enabled

[root@centos121 salt]# netstat -antupl | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      10233/httpd         
udp6       0      0 fe80::2f47:1e27:f7e:123 :::*                                6525/ntpd           
[root@centos121 salt]# 
[root@centos121 salt]# systemctl is-enabled httpd 
enabled
[root@centos121 salt]# 

10.配置远程文件管理

创建一个文件管理的模块

[root@centos120 salt]# pwd
/etc/salt
[root@centos120 salt]# vi filecopy.sls
[root@centos120 salt]# cat filecopy.sls 
filecopy:
  file.managed:
    - name: /tmp/test.file
    - source: salt://test/index.php
    - user: root
    - group: root
    - mode: 644
[root@centos120 salt]# 

注意:第一行的 filecopy 为自定的名字,表示该配置段的名字,可以在别的配置段中引用它;source指定文件从哪里拷贝,这里的 test 目录相当于是 /srv/salt/test 目录;name指定远程客户端要生成的文件。

新建所要测试的源文件

[root@centos120 srv]# mkdir -p /srv/salt/test
[root@centos120 srv]# echo "test salt file managed" > /srv/salt/test/index.php

在入口文件里添加模块

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  ‘centos121‘:
     - apache
     - filecopy
[root@centos120 salt]# 

测试执行

[root@centos120 salt]# salt ‘centos121‘ state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:32.908055
    Duration: 760.4 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:33.668754
    Duration: 16.474 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:38:33.686516
    Duration: 46.938 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file updated
     Started: 22:38:33.753042
    Duration: 32.348 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644

Summary for centos121
------------
Succeeded: 4 (changed=1)
Failed:    0
------------
Total states run:     4
Total run time: 856.160 ms
[root@centos120 salt]# 

查看结果

[root@centos121 ~]# ll /tmp/test.file 
-rw-r--r-- 1 root root 23 Mar  8 22:38 /tmp/test.file
[root@centos121 ~]# cat !$
cat /tmp/test.file
test salt file managed
[root@centos121 ~]# 

12.配置文件夹管理:
创建一个文件夹管理的模块

[root@centos120 salt]# cat filedir.sls 
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test
    - user: root
    - group: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True

在入口文件里添加模块

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  ‘centos121‘:
     - apache
     - filecopy
     - filedir
[root@centos120 salt]# 

测试文件夹管理

[root@centos120 salt]# salt ‘centos121‘ state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:17.475869
    Duration: 636.77 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:18.112930
    Duration: 16.986 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:47:18.130854
    Duration: 45.213 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:47:18.179219
    Duration: 21.548 ms
     Changes:   
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 22:47:18.200950
    Duration: 86.558 ms
     Changes:   
              ----------
              /tmp/testdir/index.php:
                  ----------
                  diff:
                      New file
                  mode:
                      0644

Summary for centos121
------------
Succeeded: 5 (changed=1)
Failed:    0
------------
Total states run:     5
Total run time: 807.075 ms
[root@centos120 salt]# 

客户端查看是否有/tmp/testdir 目录

[root@centos121 ~]# ls -ltr /tmp/testdir
total 4
-rw-r--r-- 1 root root 23 Mar  8 22:47 index.php
[root@centos121 ~]# 
  1. saltstack远程执行命令

创建执行命令的配置文件:

[root@centos120 salt]# vi cmd.sls
[root@centos120 salt]# cat cmd.sls 
cmd_test:
  cmd.run:
  - unless: test -f /tmp/gnu.index
  - names:
      - touch /tmp/cmdfile.index
      - mkdir /tmp/cmd
  - user: root
[root@centos120 salt]#

注意:unless: 表示若 /tmp/gnu.index文件不存在,也就是结果为True则执行-name后面的命令,为false则不执行;还可以使用 onlyif 表示若 /tmp/gnu.index文件存在,则执行后面的命令;两者正好相反。

在入口文件里添加模块

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  ‘centos121‘:
     - apache
     - filecopy
     - filedir
     - cmd
[root@centos120 salt]#

测试执行命令

[root@centos120 salt]# salt ‘centos121‘ state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:35.762137
    Duration: 635.316 ms
     Changes:   
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:36.397764
    Duration: 16.511 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:53:36.415052
    Duration: 44.985 ms
     Changes:   
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:53:36.463189
    Duration: 21.523 ms
     Changes:   
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: The directory /tmp/testdir is in the correct state
     Started: 22:53:36.484894
    Duration: 29.106 ms
     Changes:   
----------
          ID: cmd_test
    Function: cmd.run
        Name: touch /tmp/cmdfile.index
      Result: True
     Comment: Command "touch /tmp/cmdfile.index" run
     Started: 22:53:36.522364
    Duration: 31.084 ms
     Changes:   
              ----------
              pid:
                  11407
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: cmd_test
    Function: cmd.run
        Name: mkdir /tmp/cmd
      Result: True
     Comment: Command "mkdir /tmp/cmd" run
     Started: 22:53:36.553711
    Duration: 20.647 ms
     Changes:   
              ----------
              pid:
                  11409
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 7 (changed=2)
Failed:    0
------------
Total states run:     7
Total run time: 799.172 ms
[root@centos120 salt]# 

查看客户端结果

[root@centos121 ~]# ls -ltr /tmp/ | tail -2
-rw-r--r-- 1 root root     0 Mar  8 22:53 cmdfile.index
drwxr-xr-x 2 root root     6 Mar  8 22:53 cmd
[root@centos121 ~]# 

14.saltstack远程执行shell脚本

创建执行shell 脚本配置文件

[root@centos120 salt]# vi shell.sls
[root@centos120 salt]# cat shell.sls 
shell_test:
  cmd.script:
  - source: salt://test/gnu.sh
  - user: root
[root@centos120 salt]# 

创建shell脚本

[root@centos120 salt]# vi test/gnu.sh
[root@centos120 salt]# cat test/gnu.sh 
#!/bin/bash
systemctl stop httpd >> /tmp/log

在入口文件中添加执行配置

[root@centos120 salt]# cat top.sls 
base:
  ‘centos121‘:
     - shell
[root@centos120 salt]# 

测试执行

[root@centos120 salt]# salt ‘centos121‘ state.highstate
centos121:
----------
          ID: shell_test
    Function: cmd.script
      Result: True
     Comment: Command ‘shell_test‘ run
     Started: 23:03:13.523069
    Duration: 1064.226 ms
     Changes:   
              ----------
              pid:
                  11703
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   1.064 s
[root@centos120 salt]# 

查看结果

[root@centos121 ~]# cat /tmp/log 
[root@centos121 ~]# 

SaltStack 自动化运维实战

标签:ada   rom   pass   service   slice   sudo   onstop   ddr   XSA   

原文地址:https://blog.51cto.com/guanhaizhan/2476465

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!