
Installing and Implementing SaltStack for Automated Operations

Published: 2025-12-03  Author: 千家信息网 editors  Last updated: 2025-12-03

Hands-on with the latest version. Latest release: 3000 (February 10, 2020)

Reference: the official SaltStack documentation
ON THE SALT MASTER
Run these commands on the system that you want to use as the central management point.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M

Your Salt master can manage itself, so a Salt minion is installed along with the Salt master. If you do not want to install the minion, also pass the -N option.

ON EACH SALT MINION
Run these commands on each system that you want to manage using Salt.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P

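The servers used in this walkthrough:

master    192.168.0.120  centos120
node1     192.168.0.121  centos121
node2     192.168.0.122  centos122

All three servers have SELinux and firewalld disabled and /etc/hosts set up, so they can reach each other by hostname and can access the Internet. These simple steps are not shown here.

1. Installation
On the master: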

[root@centos120 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  283k  100  283k    0     0  51683      0  0:00:05  0:00:05 --:--:-- 70732
[root@centos120 ~]# ll install_salt.sh
-rw-r--r-- 1 root root 290571 Mar  8 13:09 install_salt.sh
[root@centos120 ~]#
[root@centos120 ~]# sh install_salt.sh -P -M
 *  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: 'install_salt.sh -P -M'
 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6
 *  INFO: Installing minion
 *  INFO: Installing master
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()
.......
Installed:
  salt-master.noarch 0:3000-1.el7        salt-minion.noarch 0:3000-1.el7

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7
  libtomcrypt.x86_64 0:1.17-26.el7
  libtommath.x86_64 0:0.42.0-6.el7
  openpgm.x86_64 0:5.2.122-2.el7
  python-babel.noarch 0:0.9.6-8.el7
  python-backports_abc.noarch 0:0.5-11.el7
  python-jinja2.noarch 0:2.7.2-4.el7
  python-markupsafe.x86_64 0:0.11-10.el7
  python-requests.noarch 0:2.6.0-8.el7_7
  python-singledispatch.noarch 0:3.4.0.3-16.el7
  python-six.noarch 0:1.9.0-2.el7
  python-urllib3.noarch 0:1.10.2-7.el7
  python-zmq.x86_64 0:15.3.0-3.el7
  python2-crypto.x86_64 0:2.6.1-16.el7
  python2-futures.noarch 0:3.1.1-5.el7
  python2-msgpack.x86_64 0:0.6.2-2.el7
  python2-psutil.x86_64 0:5.6.7-1.el7
  salt.noarch 0:3000-1.el7
  systemd-python.x86_64 0:219-67.el7_7.3
  zeromq.x86_64 0:4.1.4-7.el7

Dependency Updated:
  python-setuptools.noarch 0:36.6.0-2.ius.el7
  systemd.x86_64 0:219-67.el7_7.3
  systemd-libs.x86_64 0:219-67.el7_7.3
  systemd-sysv.x86_64 0:219-67.el7_7.3

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos120 ~]#

The output above shows which packages were installed. At this point the master, that is, the management node, is installed.

2. Next, install the minion nodes, that is, the nodes to be managed (in production these are the web, database and storage servers and so on that need code and configuration pushed to them in bulk).

[root@centos121 ~]# curl -L https://bootstrap.saltstack.com -o install_salt.sh
[root@centos121 ~]# ll  install_salt.sh
-rw-r--r-- 1 root root 290571 Mar  8 13:13 install_salt.sh
[root@centos121 ~]#
[root@centos121 ~]# sh install_salt.sh -P
 *  INFO: Running version: 2020.02.24
 *  INFO: Executed by: sh
 *  INFO: Command line: 'install_salt.sh -P'
 *  INFO: System Information:
 *  INFO:   CPU:          GenuineIntel
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   3.10.0-957.el7.x86_64
 *  INFO:   Distribution: CentOS 7.6
 *  INFO: Installing minion
 *  INFO: Found function install_centos_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_centos_stable
 *  INFO: Found function install_centos_stable_post
 *  INFO: Found function install_centos_restart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_centos_check_services
 *  INFO: Running install_centos_stable_deps()
 .............
Installed:
  salt-minion.noarch 0:3000-1.el7

Dependency Installed:
  libsodium.x86_64 0:1.0.18-1.el7
  libtomcrypt.x86_64 0:1.17-26.el7
  libtommath.x86_64 0:0.42.0-6.el7
  openpgm.x86_64 0:5.2.122-2.el7
  python-babel.noarch 0:0.9.6-8.el7
  python-backports.x86_64 0:1.0-8.el7
  python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7
  python-backports_abc.noarch 0:0.5-11.el7
  python-ipaddress.noarch 0:1.0.16-2.el7
  python-jinja2.noarch 0:2.7.2-4.el7
  python-markupsafe.x86_64 0:0.11-10.el7
  python-requests.noarch 0:2.6.0-8.el7_7
  python-setuptools.noarch 0:36.6.0-2.ius.el7
  python-singledispatch.noarch 0:3.4.0.3-16.el7
  python-six.noarch 0:1.9.0-2.el7
  python-urllib3.noarch 0:1.10.2-7.el7
  python-zmq.x86_64 0:15.3.0-3.el7
  python2-crypto.x86_64 0:2.6.1-16.el7
  python2-futures.noarch 0:3.1.1-5.el7
  python2-msgpack.x86_64 0:0.6.2-2.el7
  python2-psutil.x86_64 0:5.6.7-1.el7
  salt.noarch 0:3000-1.el7
  systemd-python.x86_64 0:219-67.el7_7.3
  zeromq.x86_64 0:4.1.4-7.el7

Dependency Updated:
  systemd.x86_64 0:219-67.el7_7.3
  systemd-libs.x86_64 0:219-67.el7_7.3
  systemd-sysv.x86_64 0:219-67.el7_7.3

Complete!
 *  INFO: Running install_centos_stable_post()
 *  INFO: Running install_centos_check_services()
 *  INFO: Running install_centos_restart_daemons()
 *  INFO: Running daemons_running()
 *  INFO: Salt installed!
[root@centos121 ~]#

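The minion on node centos122 is installed the same way. At this point the minion side is installed.

3. Configuration
Background to know before configuring:

A brief introduction to SaltStack
SaltStack is a new approach to infrastructure management: a centralized management platform for server infrastructure. It can be up and running within minutes, it is fast (servers communicate within seconds), it scales well, and it can easily manage tens of thousands of servers in bulk, which significantly reduces staffing and operations costs. It provides configuration management, remote execution, monitoring and other functions, and can be thought of as a simplified Puppet and an enhanced Func. With a SaltStack environment deployed, you can run commands in bulk on thousands of servers and, according to the characteristics of each service, centrally manage configuration, distribute files, collect server data, and manage the operating system base and software packages. SaltStack is a powerful tool for operations staff to improve efficiency and to standardize service configuration and operations. SaltStack is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (PyZMQ, PyCrypto, Jinja2, python-msgpack, PyYAML and others). SaltStack has two communication modes, ZeroMQ and RAET; since RAET is not yet very stable, ZeroMQ is usually chosen.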

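SaltStack run modes:

Local: everything on a single machine; not recommended.

Master/Minion: management through a server/agent model; very efficient (1000 machines managed in bulk in 25 seconds).

Salt SSH: management over SSH; comparatively less efficient (1000 machines managed in bulk in 83 seconds).

The three main functions of SaltStack:

Remote execution (running remote commands)

Configuration management (state management)

Cloud management

SaltStack features:
1) Simple and convenient to deploy;
2) Supports most UNIX/Linux and Windows environments;
3) Centralized master/minion management;
4) Simple to configure, powerful, and highly extensible;
5) The controlling side (master) and the controlled side (minion) use certificate-based authentication, which is secure and reliable;
6) Supports an API and custom modules, and is easy to extend with Python.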

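Master and minion authentication:
1) The first time a minion starts, it automatically generates minion.pem (private key) and minion.pub (public key) under /etc/salt/pki/minion/ (this path is set in /etc/salt/minion), and then sends minion.pub to the master.

2) After the master has received the minion's public key, the key is accepted with the salt-key command. The public key, named after the minion id, is then stored under /etc/salt/pki/master/minions on the master, and the master can send commands to the minion.

Master and minion connections:
1) After it starts, the SaltStack master listens on two ports by default, 4505 and 4506. 4505 (publish_port) is SaltStack's message publishing system, and 4506 (ret_port) is the port used for communication between the SaltStack clients and the server. If you look at port 4505 with lsof, you will see that every minion keeps a connection to port 4505 in the ESTABLISHED state.

2) The communication model between minion and master is as follows:

Now start configuring.

First look at which files were installed on the server side: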

[root@centos120 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:13 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:13 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos120 ~]#

Files installed on the minion side:

[root@centos121 ~]# ll /etc/salt/
total 132
-rw------- 1 root root  2927 Feb  2 07:15 cloud
drwx------ 2 root root     6 Feb  5 02:46 cloud.conf.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.deploy.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.maps.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.profiles.d
drwx------ 2 root root     6 Feb  5 02:46 cloud.providers.d
-rw-r----- 1 root root 51534 Feb  2 07:15 master
drwxr-xr-x 2 root root     6 Feb  5 02:46 master.d
-rw-r----- 1 root root 37370 Feb  2 07:15 minion
drwxr-xr-x 2 root root     6 Feb  5 02:46 minion.d
-rw-r--r-- 1 root root     9 Mar  8 13:45 minion_id
drwxr-xr-x 4 root root    34 Mar  8 13:45 pki
-rw-r----- 1 root root 28289 Feb  2 07:15 proxy
drwxr-xr-x 2 root root     6 Feb  5 02:46 proxy.d
-rw-r----- 1 root root   344 Feb  2 07:15 roster
[root@centos121 ~]#

Configure the master:

[root@centos120 salt]# cp -p master master.bk.20200308
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308
15c15
< interface: 192.168.0.120
---
> #interface: 0.0.0.0
[root@centos120 salt]#

Configure the minions; there are 3 minions in total:

[root@centos120 salt]# cp -p minion minion.bk.20200308
[root@centos120 salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos120 salt]#

[root@centos121 salt]# cp -p minion minion.bk.20200308
[root@centos121 salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos121 salt]#

[root@centos122 salt]# cp -p minion minion.bk.20200308
[root@centos122 salt]# diff minion minion.bk.20200308
16c16
< master: 192.168.0.120
---
> #master: salt
[root@centos122 salt]#

Start the service on the master:

[root@centos120 salt]# systemctl start salt-master
[root@centos120 salt]# systemctl status  salt-master
● salt-master.service - The Salt Master Server
   Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 13:13:55 CST; 1h 3min ago
     Docs: man:salt-master(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 8295 (salt-master)
   CGroup: /system.slice/salt-master.service
           ├─8295 /usr/bin/python /usr/bin/salt-master
           ├─8302 /usr/bin/python /usr/bin/salt-master
           ├─8321 /usr/bin/python /usr/bin/salt-master
           ├─8323 /usr/bin/python /usr/bin/salt-master
           ├─8326 /usr/bin/python /usr/bin/salt-master
           ├─8327 /usr/bin/python /usr/bin/salt-master
           ├─8328 /usr/bin/python /usr/bin/salt-master
           ├─8329 /usr/bin/python /usr/bin/salt-master
           ├─8330 /usr/bin/python /usr/bin/salt-master
           ├─8331 /usr/bin/python /usr/bin/salt-master
           ├─8332 /usr/bin/python /usr/bin/salt-master
           ├─8340 /usr/bin/python /usr/bin/salt-master
           └─8342 /usr/bin/python /usr/bin/salt-master

Mar 08 13:13:53 centos120 systemd[1]: Starting The Salt Master Server...
Mar 08 13:13:54 centos120 salt-master[8295]: /usr/lib/python2.7/site-packages/salt/scripts.py:109: DeprecationWarni...ater.
Mar 08 13:13:55 centos120 systemd[1]: Started The Salt Master Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos120 salt]#
[root@centos120 salt]# netstat -antupl | grep python
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      8321/python
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      8328/python
[root@centos120 salt]#
[root@centos120 salt]# ps -ef | grep  salt
root       8295      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8302   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8321   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8322      1  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8323   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8326   8295  0 13:13 ?        00:00:12 /usr/bin/python /usr/bin/salt-master
root       8327   8295  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8328   8327  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-master
root       8329   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8330   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8331   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8332   8295  0 13:13 ?        00:00:08 /usr/bin/python /usr/bin/salt-master
root       8340   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8342   8327  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-master
root       8365   8322  0 13:13 ?        00:00:01 /usr/bin/python /usr/bin/salt-minion
root       8371   8365  0 13:13 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root      14012   7302  0 14:31 pts/0    00:00:00 grep --color=auto salt
[root@centos120 salt]#
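
The netstat output above shows 4505 and 4506 listening on 0.0.0.0 although interface: 192.168.0.120 was set, which is consistent with systemctl status reporting the master active since 13:13:55: systemctl start leaves an already running service in place, so the edit is not in effect until the service is restarted. The following added example (not part of the original article; the function names are hypothetical) compares the configured interface with what is actually listening. The first netstat sample is the output shown above, the second is constructed.

```python
import re

# Defaults as given in the text: all interfaces, ports 4505 and 4506.
DEFAULTS = {"interface": "0.0.0.0", "publish_port": 4505, "ret_port": 4506}
OPTION = re.compile(r"^(interface|publish_port|ret_port):\s*(\S+)\s*$")

# The master config after the edit shown in the article (other lines omitted).
MASTER_CONFIG = "#publish_port: 4505\ninterface: 192.168.0.120\n#ret_port: 4506\n"

# netstat rows exactly as shown in the article.
NETSTAT_FROM_PAGE = """\
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      8321/python
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      8328/python
"""

# Constructed sample: what the rows would look like once the setting is applied.
NETSTAT_AFTER_RESTART = """\
tcp        0      0 192.168.0.120:4505      0.0.0.0:*               LISTEN      9001/python
tcp        0      0 192.168.0.120:4506      0.0.0.0:*               LISTEN      9008/python
"""


def read_master_opts(config_text):
    """Effective bind settings from /etc/salt/master text; commented lines are ignored."""
    opts = dict(DEFAULTS)
    for line in config_text.splitlines():
        match = OPTION.match(line)
        if match:
            key, value = match.groups()
            opts[key] = int(value) if key.endswith("_port") else value
    return opts


def listening_sockets(netstat_text):
    """(address, port, program) for every TCP LISTEN row of `netstat -antupl`."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 7 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            address, _, port = fields[3].rpartition(":")
            rows.append((address, int(port), fields[6]))
    return rows


def check_binding(config_text, netstat_text):
    """Findings where a Salt port is bound somewhere other than `interface`, or not at all."""
    opts = read_master_opts(config_text)
    names = {opts["publish_port"]: "publish_port", opts["ret_port"]: "ret_port"}
    findings, seen = [], set()
    for address, port, program in listening_sockets(netstat_text):
        if port not in names:
            continue
        seen.add(port)
        if address != opts["interface"]:
            findings.append("%s %d bound to %s, configured interface is %s (%s)"
                            % (names[port], port, address, opts["interface"], program))
    for port in sorted(set(names) - seen):
        findings.append("%s %d is not listening" % (names[port], port))
    return findings


if __name__ == "__main__":
    for label, sample in (("as shown", NETSTAT_FROM_PAGE),
                          ("after restart", NETSTAT_AFTER_RESTART)):
        print(label, "->", check_binding(MASTER_CONFIG, sample) or "bindings match config")
```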

Start the service on the minions:

[root@centos122 salt]# systemctl start salt-minion
[root@centos122 salt]# systemctl status  salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-08 14:00:46 CST; 27min ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 7563 (salt-minion)
   CGroup: /system.slice/salt-minion.service
           ├─7563 /usr/bin/python /usr/bin/salt-minion
           ├─7567 /usr/bin/python /usr/bin/salt-minion
           └─7573 /usr/bin/python /usr/bin/salt-minion

Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:25:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:26:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:21 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] DNS lookup or connection check of 'salt' failed.
Mar 08 14:27:51 centos122 salt-minion[7563]: [ERROR   ] Master hostname: 'salt' not found or not responsive. Retryi...conds
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos122 salt]# ll
[root@centos122 salt]# ps -ef | grep  salt
root       7563      1  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7567   7563  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       7573   7567  0 14:00 ?        00:00:00 /usr/bin/python /usr/bin/salt-minion
root       8968   7030  0 14:29 pts/0    00:00:00 grep --color=auto salt
[root@centos122 salt]#

Start the minion on centos120 and centos121 in the same way.

4. Configure authentication:
Restart all services:

[root@centos120 salt]# systemctl restart salt-master
[root@centos120 salt]# systemctl restart salt-minion
[root@centos121 salt]# systemctl restart salt-minion
[root@centos122 salt]# systemctl restart salt-minion

After salt-minion starts, it automatically sends its public key to the salt-master,

so the key only needs to be accepted on the salt-master.

Accept the public keys of all salt-minions:

[root@centos120 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos120
centos121
centos122
Proceed? [n/Y] Y
Key for minion centos120 accepted.
Key for minion centos121 accepted.
Key for minion centos122 accepted.
[root@centos120 salt]#

View the public key received on the salt-minion side:

[root@centos120 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1674 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub
[root@centos120 salt]# ll /etc/salt/pki/master/
total 8
-r-------- 1 root root 1678 Mar  8 13:13 master.pem
-rw-r--r-- 1 root root  450 Mar  8 13:13 master.pub
drwxr-xr-x 2 root root   57 Mar  8 14:45 minions
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_autosign
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_denied
drwxr-xr-x 2 root root    6 Mar  8 14:45 minions_pre
drwxr-xr-x 2 root root    6 Mar  8 13:13 minions_rejected
[root@centos120 salt]# cat /etc/salt/pki/minion/minion_master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTwWyV0gi7yFKKBt2tiS
thOEu6v1kn4OKM1TEcdIz7XzNUUS+ve/Jz51dH2X2ykW3lLkJqzM7AXunlWH0E5n
9vAzckMtXgjQ8/JrbRbIjDNiEAFqrJDMwDb5Zl4KUJUHZJW6LaT2WR5S9iCRNR+w
lK9SIpvCcBgfboUNt6u2ttIc4CW5UeIS7w6DGlrXv+9sD6djmjiWrmEjKJt0o9vR
myyJOQ3gXC9o/rv4HCmhJwSpqkDb93d4zs4M7jFssY2jfRKzY9paId/dgtkMcT1J
/J801mZv1DNV0mXZjEk8CqGFziO+8/UOFs/9yu1L3gDOQoysR5eAqOmTQN2pKgxL
FwIDAQAB
-----END PUBLIC KEY-----
[root@centos120 salt]#

View the generated keys:

[root@centos121 minion]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:41 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:41 minion.pub
[root@centos121 minion]#
[root@centos121 minion]#
[root@centos121 minion]# ll /etc/salt/pki/master/
total 0
[root@centos121 minion]#

[root@centos122 salt]# ll /etc/salt/pki/minion/
total 12
-rw-r--r-- 1 root root  450 Mar  8 14:45 minion_master.pub
-r-------- 1 root root 1678 Mar  8 14:42 minion.pem
-rw-r--r-- 1 root root  450 Mar  8 14:42 minion.pub
[root@centos122 salt]# ll /etc/salt/pki/master/
total 0
[root@centos122 salt]#

Certificate authentication between salt-master and salt-minion is now configured.
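
salt-key -A accepts whatever is pending, so it trusts any host that presented a key under a given minion id. The following added example (not part of the original article; function names are hypothetical) checks each key in minions_pre against a fingerprint recorded on the minion itself, for instance with salt-call --local key.finger, and lists only the ids that are safe to accept one at a time with salt-key -a. The fingerprint routine is an assumption about how Salt derives the value (SHA-256 over the PEM body lines), and the key files are constructed stand-ins, not real RSA keys.

```python
import base64
import hashlib
import hmac
import os
import tempfile


def pem_fingerprint(pem_bytes, sum_type="sha256"):
    """Hash the lines between the BEGIN/END markers and format the digest as
    colon-separated hex pairs (assumed to match the output of salt-key -f)."""
    lines = [ln for ln in pem_bytes.splitlines(keepends=True) if ln.strip()]
    body = b"".join(lines[1:-1])
    digest = hashlib.new(sum_type, body).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def review_pending(pki_dir, expected):
    """Sort the keys waiting in <pki_dir>/minions_pre into accept / mismatch /
    unknown, given {minion_id: fingerprint} collected out of band."""
    pre_dir = os.path.join(pki_dir, "minions_pre")
    verdict = {"accept": [], "mismatch": [], "unknown": []}
    for minion_id in sorted(os.listdir(pre_dir)):
        with open(os.path.join(pre_dir, minion_id), "rb") as fh:
            seen = pem_fingerprint(fh.read())
        want = expected.get(minion_id)
        if want is None:
            verdict["unknown"].append(minion_id)       # id nobody registered
        elif hmac.compare_digest(seen, want.strip().lower()):
            verdict["accept"].append(minion_id)
        else:
            verdict["mismatch"].append(minion_id)      # right id, different key
    return verdict


def fake_pem(seed):
    """Constructed stand-in for a minion.pub file (not a real RSA key)."""
    body = base64.b64encode(hashlib.sha512(seed).digest() * 5).decode()
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(rows)
            + "\n-----END PUBLIC KEY-----\n").encode()


def demo():
    # Keys as generated on the three minions of this walkthrough (constructed).
    own = {m: fake_pem(m.encode()) for m in ("centos120", "centos121", "centos122")}
    # Fingerprints noted on each minion before anything is accepted.
    expected = {m: pem_fingerprint(k) for m, k in own.items()}
    with tempfile.TemporaryDirectory() as pki:
        pre = os.path.join(pki, "minions_pre")
        os.mkdir(pre)
        pending = dict(own)
        pending["centos122"] = fake_pem(b"some other host")  # different key, same id
        pending["centos199"] = fake_pem(b"unlisted host")    # id not in the inventory
        for minion_id, pem in pending.items():
            with open(os.path.join(pre, minion_id), "wb") as fh:
                fh.write(pem)
        return review_pending(pki, expected)


if __name__ == "__main__":
    verdict = demo()
    for minion_id in verdict["accept"]:
        print("salt-key -a", minion_id)
    for minion_id in verdict["mismatch"] + verdict["unknown"]:
        print("# leave pending and investigate:", minion_id)
```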

5. Test batch operations
Run commands remotely:

[root@centos120 salt]# salt 'centos121' test.ping
centos121:
    True
[root@centos120 salt]# salt '*' test.ping
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 salt]#
[root@centos120 salt]# salt 'centos121' cmd.run 'df -h'
centos121:
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  1.5G   16G   9% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M   40K  487M   1% /dev/shm
    tmpfs                    487M  7.7M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sdb2                105M  8.0M   97M   8% /gluster/brick2
    /dev/sda1               1014M  146M  869M  15% /boot
    /dev/sdb1                 92M  7.2M   85M   8% /gluster/brick1
    tmpfs                     98M     0   98M   0% /run/user/0
[root@centos120 salt]# salt 'centos121' cmd.run 'w'
centos121:
     14:52:54 up  1:45,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    3:10   0.10s  0.10s -bash
[root@centos120 salt]#

Target several servers at once:

[root@centos120 salt]# salt -L 'centos120, centos121' cmd.run 'hostname'
centos121:
    centos121
centos120:
    centos120
[root@centos120 salt]#

6. Salt components

Introduction to SaltStack grains:
Grains are a very important component of SaltStack. They are mainly used to record static information about a minion, such as CPU, memory, disks and network. Grains information is reported to the master automatically each time the client starts; once this static information changes, the minion has to be restarted or the grains resynchronized.

Grains are information collected when the minion starts, such as the operating system type, NIC IP addresses, memory, versions and CPU information.

[root@centos120 salt]# salt -L 'centos121' grains.ls
centos121:
    - SSDs
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - cwd
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - fqdns
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - swap_total
    - systemd
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion
[root@centos120 salt]#

View the items:

[root@centos120 salt]# salt -L 'centos121' grains.items
centos121:
    ----------
    SSDs:
    biosreleasedate:
        07/02/2015
    biosversion:
        6.00
    cpu_flags:
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
        - mce
        - cx8
        - apic
        - sep
        - mtrr
        - pge
        - mca
        - cmov
        - pat
        - pse36
        - clflush
        - dts
        - mmx
        - fxsr
        - sse
        - sse2
        - ss
        - ht
        - syscall
        - nx
        - pdpe1gb
        - rdtscp
        - lm
        - constant_tsc
        - arch_perfmon
        - pebs
        - bts
        - nopl
        - xtopology
        - tsc_reliable
        - nonstop_tsc
        - aperfmperf
        - eagerfpu
        - pni
        - pclmulqdq
        - vmx
        - ssse3
        - fma
        - cx16
        - pcid
        - sse4_1
        - sse4_2
        - x2apic
        - movbe
        - popcnt
        - tsc_deadline_timer
        - aes
        - xsave
        - avx
        - f16c
        - rdrand
        - hypervisor
        - lahf_lm
        - abm
        - 3dnowprefetch
        - epb
        - tpr_shadow
        - vnmi
        - ept
        - vpid
        - fsgsbase
        - tsc_adjust
        - bmi1
        - avx2
        - smep
        - bmi2
        - invpcid
        - rdseed
        - adx
        - smap
        - xsaveopt
        - dtherm
        - ida
        - arat
        - pln
        - pts
        - hwp
        - hwp_notify
        - hwp_act_window
        - hwp_epp
    cpu_model:
        Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
    cpuarch:
        x86_64
    cwd:
        /
    disks:
        - sda
        - sdb
        - sr0
        - dm-0
        - dm-1
    dns:
        ----------
        domain:
        ip4_nameservers:
            - 192.168.0.1
            - 192.168.1.1
        ip6_nameservers:
        nameservers:
            - 192.168.0.1
            - 192.168.1.1
        options:
        search:
            - DHCP
            - HOST
        sortlist:
    domain:
    fqdn:
        centos121
    fqdn_ip4:
        - 192.168.0.121
    fqdn_ip6:
        - fe80::4eff:a5b2:4d5b:ae08
        - fe80::2f47:1e27:f7e1:ea88
    fqdns:
    gid:
        0
    gpus:
        |_
          ----------
          model:
              SVGA II Adapter
          vendor:
              vmware
    groupname:
        root
    host:
        centos121
    hwaddr_interfaces:
        ----------
        ens33:
            00:0c:29:51:46:50
        ens37:
            00:0c:29:51:46:5a
        lo:
            00:00:00:00:00:00
    id:
        centos121
    init:
        systemd
    ip4_gw:
        192.168.0.1
    ip4_interfaces:
        ----------
        ens33:
            - 192.168.0.121
        ens37:
            - 192.168.0.102
        lo:
            - 127.0.0.1
    ip6_gw:
        False
    ip6_interfaces:
        ----------
        ens33:
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - ::1
    ip_gw:
        True
    ip_interfaces:
        ----------
        ens33:
            - 192.168.0.121
            - fe80::2f47:1e27:f7e1:ea88
        ens37:
            - 192.168.0.102
            - fe80::4eff:a5b2:4d5b:ae08
        lo:
            - 127.0.0.1
            - ::1
    ipv4:
        - 127.0.0.1
        - 192.168.0.102
        - 192.168.0.121
    ipv6:
        - ::1
        - fe80::2f47:1e27:f7e1:ea88
        - fe80::4eff:a5b2:4d5b:ae08
    kernel:
        Linux
    kernelrelease:
        3.10.0-957.el7.x86_64
    kernelversion:
        #1 SMP Thu Nov 8 23:39:32 UTC 2018
    locale_info:
        ----------
        defaultencoding:
            UTF-8
        defaultlanguage:
            en_US
        detectedencoding:
            UTF-8
        timezone:
            unknown
    localhost:
        centos121
    lsb_distrib_codename:
        CentOS Linux 7 (Core)
    lsb_distrib_id:
        CentOS Linux
    machine_id:
        25f97b4fbbea4c2a8e8940747c895695
    manufacturer:
        VMware, Inc.
    master:
        192.168.0.120
    mdadm:
    mem_total:
        972
    nodename:
        centos121
    num_cpus:
        8
    num_gpus:
        1
    os:
        CentOS
    os_family:
        RedHat
    osarch:
        x86_64
    oscodename:
        CentOS Linux 7 (Core)
    osfinger:
        CentOS Linux-7
    osfullname:
        CentOS Linux
    osmajorrelease:
        7
    osrelease:
        7.6.1810
    osrelease_info:
        - 7
        - 6
        - 1810
    path:
        /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    pid:
        9033
    productname:
        VMware Virtual Platform
    ps:
        ps -efHww
    pythonexecutable:
        /usr/bin/python
    pythonpath:
        - /usr/bin
        - /usr/lib64/python27.zip
        - /usr/lib64/python2.7
        - /usr/lib64/python2.7/plat-linux2
        - /usr/lib64/python2.7/lib-tk
        - /usr/lib64/python2.7/lib-old
        - /usr/lib64/python2.7/lib-dynload
        - /usr/lib64/python2.7/site-packages
        - /usr/lib/python2.7/site-packages
    pythonversion:
        - 2
        - 7
        - 5
        - final
        - 0
    saltpath:
        /usr/lib/python2.7/site-packages/salt
    saltversion:
        3000
    saltversioninfo:
        - 3000
        - None
        - None
        - 0
    selinux:
        ----------
        enabled:
            False
        enforced:
            Disabled
    serialnumber:
        VMware-56 4d f8 fe ac f0 e1 1a-34 0a 67 d6 1b 51 46 50
    server_id:
        1110840923
    shell:
        /bin/sh
    swap_total:
        2047
    systemd:
        ----------
        features:
            +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
        version:
            219
    uid:
        0
    username:
        root
    uuid:
        fef84d56-f0ac-1ae1-340a-67d61b514650
    virtual:
        VMware
    zfs_feature_flags:
        False
    zfs_support:
        False
    zmqversion:
        4.1.4
[root@centos120 salt]#
7. Grains information is not dynamic and does not change in real time; it is only collected when the minion starts. The information that grains collect can be used for configuration management, and custom items can be defined, for example for monitoring.

[root@centos121 minion]# vi /etc/salt/grains
[root@centos121 minion]# cat /etc/salt/grains
role: web1_server
env: test
myname: web1
myhostname: web1.com
[root@centos121 minion]#

Then restart the minion.

7.1 View the values just defined:

[root@centos120 salt]# salt -L 'centos121' grains.items | egrep -A 1  'role|env|myname|myhostname'
    env:
        test
--
    myhostname:
        web1.com
    myname:
        web1
--
    role:
        web1_server
[root@centos120 salt]#

7.2 View a single item:

[root@centos120 salt]# salt -L 'centos121' grains.item env
centos121:
    ----------
    env:
        test
[root@centos120 salt]#

7.3 Grains attributes can be used to select the minions on which a command runs:

[root@centos120 salt]# salt -G env:test cmd.run 'w'
centos121:
     15:06:41 up  1:59,  1 user,  load average: 0.08, 0.03, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.0.101    13:08    5:45   0.14s  0.14s -bash
[root@centos120 salt]#
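8. Introduction to SaltStack pillar:
Grains store static data that rarely changes, while pillar is generally used to store dynamic and sensitive data. Grains information can be set or read from both the minion side and the master side, whereas pillar information can only be configured on the master and is then applied on the minion.
Unlike grains, pillar is defined on the master and holds information defined for specific minions; custom variables and the like can be defined there.

Steps to configure a custom pillar:

8.1 Configure pillar on the master, centos120:
Find the pillar_roots entry and uncomment the following three lines.

[root@centos120 salt]# cp -p master master.bk.20200308-2
[root@centos120 salt]# vi master
[root@centos120 salt]# diff master master.bk.20200308-2
837,839c837,839
<  pillar_roots:
<    base:
<      - /srv/pillar
---
> #pillar_roots:
> #  base:
> #    - /srv/pillar

Create the directory that holds the pillar files:

[root@centos120 salt]#  mkdir -p /srv/pillar
[root@centos120 salt]#  cd !$
 cd /srv/pillar
[root@centos120 pillar]#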

Create the configuration file with the following content:

[root@centos120 pillar]# vi httpd.sls
[root@centos120 pillar]# cat httpd.sls
conf: /etc/httpd/conf/httpd.conf
servername: web1.com

Note the space after each colon.

Create the entry-point configuration file, top.sls:

[root@centos120 pillar]# pwd
/srv/pillar
[root@centos120 pillar]# vi top.sls
[root@centos120 pillar]# cat top.sls
base:
  'centos121':
    - httpd
[root@centos120 pillar]#

Note the space after the -.

Restart the salt-master service:

[root@centos120 pillar]# systemctl restart salt-master
[root@centos120 pillar]#

The new state can be picked up with a refresh:

[root@centos120 pillar]# salt '*' saltutil.refresh_pillar
centos121:
    True
centos122:
    True
centos120:
    True
[root@centos120 pillar]#

Check the result:

[root@centos120 pillar]# salt '*' pillar.items
centos120:
    ----------
centos121:
    ----------
    conf:
        /etc/httpd/conf/httpd.conf
    servername:
        web1.com
centos122:
    ----------
[root@centos120 pillar]#

9 .Saltstack 配置管理服务
1、配置安装apache

取消下面三行注释,注意空格

[root@centos120 salt]# cp -p master master.bk.20200308-3[root@centos120 salt]# vi master[root@centos120 salt]# diff master master.bk.20200308-3657,659c657,659< file_roots:<   base:<     - /srv/salt/---> # file_roots:> #   base:> #     - /srv/salt/[root@centos120 salt]# 

创建配置文件存储目录 并创建入口文件

[root@centos120 ~]# mkdir /srv/salt[root@centos120 ~]# cd !$cd /srv/salt[root@centos120 salt]# vi top.sls[root@centos120 salt]# cat top.sls base:  'centos121':     - apache[root@centos120 salt]# 

重启服务:

[root@centos120 salt]# !systesystemctl restart salt-master[root@centos120 salt]# 

创建编写apache模块的配置文件

[root@centos120 salt]# vi apache.sls[root@centos120 salt]# cat apache.sls apache-service:  pkg.installed:    - names:        -httpd        -httpd-devel  service.running:    - name: httpd    - enable: True[root@centos120 salt]# 

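Note: keep the lines aligned, and put a space after each "-".
apache-service is the ID of the state, a name you choose yourself. pkg.installed is the package-installation function; the names listed under it are the packages to install. service.running is also a function; it ensures that the named service is running, and enable makes the service start at boot.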
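
An added example (not part of the original article): a minimal Python check for the two whitespace mistakes the notes above warn about, plus tab indentation, which YAML rejects. A missing space after ":" or "-" still loads as valid YAML, as a plain string instead of a key/value pair or list item, so the mistake only surfaces when Salt compiles the state. The sample is constructed from the page's apache.sls, and the check is a line-based heuristic, not a YAML parser.

```python
import re

# Constructed sample: the page's apache.sls with the mistakes seeded in.
BROKEN_SLS = """\
apache-service:
  pkg.installed:
    - names:
        -httpd
        - httpd-devel
  service.running:
    - name:httpd
    - enable: True
\t- reload: True
"""

# "-" glued to its value; "---" (document start) is not flagged.
DASH_NO_SPACE = re.compile(r"^-[^\s-]")
# "key:value" with no space; "salt://..." style URLs are not flagged.
KEY_NO_SPACE = re.compile(r"^(?:-\s+)?[\w.'\"-]+:(?!//)\S")


def lint_sls(text):
    """Return (line_number, problem) tuples for an SLS file's text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = raw[: len(raw) - len(raw.lstrip())]
        if "\t" in indent:
            findings.append((number, "tab in indentation"))
        if DASH_NO_SPACE.match(line):
            findings.append((number, "no space after '-'"))
        elif KEY_NO_SPACE.match(line):
            findings.append((number, "no space after ':'"))
    return findings


if __name__ == "__main__":
    for number, problem in lint_sls(BROKEN_SLS):
        print("line %d: %s" % (number, problem))
```

Running it against each file under /srv/salt and /srv/pillar before restarting salt-master catches these mistakes before a highstate is attempted.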

With the files in place, apply the states:

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 18:43:58.483864
    Duration: 18618.516 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 18:44:17.118830
    Duration: 7455.336 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-5.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-90.el7.centos
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-25.el7
                  old:
                      5.3.21-24.el7
              openldap:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
                      2.4.44-20.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-21.el7_6
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 18:44:24.583323
    Duration: 211.858 ms
     Changes:
              ----------
              httpd:
                  True

Summary for centos121
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
Total run time:  26.286 s
[root@centos120 salt]# 

The output above shows that the states were applied successfully.

On the targeted minion, confirm that httpd really has been installed, started, and enabled:

[root@centos121 salt]# netstat -antupl | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      10233/httpd         
udp6       0      0 fe80::2f47:1e27:f7e:123 :::*                                6525/ntpd           
[root@centos121 salt]# 
[root@centos121 salt]# systemctl is-enabled httpd 
enabled
[root@centos121 salt]# 

10. Configuring remote file management

Create a file-management module:

[root@centos120 salt]# pwd
/etc/salt
[root@centos120 salt]# vi filecopy.sls
[root@centos120 salt]# cat filecopy.sls 
filecopy:
  file.managed:
    - name: /tmp/test.file
    - source: salt://test/index.php
    - user: root
    - group: root
    - mode: 644
[root@centos120 salt]# 

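Note: filecopy on the first line is a name you choose; it identifies this configuration block and can be referenced from other blocks. source specifies where the file is copied from; the test directory here corresponds to /srv/salt/test. name specifies the file to create on the remote client.

Create the source file used for the test:

[root@centos120 srv]# mkdir -p /srv/salt/test
[root@centos120 srv]# echo "test salt file managed" > /srv/salt/test/index.php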

Add the module to the entry-point file:

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
[root@centos120 salt]# 

Run the test:

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:32.908055
    Duration: 760.4 ms
     Changes:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:38:33.668754
    Duration: 16.474 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:38:33.686516
    Duration: 46.938 ms
     Changes:
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file updated
     Started: 22:38:33.753042
    Duration: 32.348 ms
     Changes:
              ----------
              diff:
                  New file
              mode:
                  0644

Summary for centos121
------------
Succeeded: 4 (changed=1)
Failed:    0
------------
Total states run:     4
Total run time: 856.160 ms
[root@centos120 salt]# 

Check the result:

[root@centos121 ~]# ll /tmp/test.file 
-rw-r--r-- 1 root root 23 Mar  8 22:38 /tmp/test.file
[root@centos121 ~]# cat !$
cat /tmp/test.file
test salt file managed
[root@centos121 ~]# 

12. Configuring directory management
Create a directory-management module:

[root@centos120 salt]# cat filedir.sls 
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test
    - user: root
    - group: root
    - file_mode: 644
    - dir_mode: 755
    - mkdir: True
    - clean: True

Add the module to the entry-point file:

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
     - filedir
[root@centos120 salt]# 

Test the directory management:

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:17.475869
    Duration: 636.77 ms
     Changes:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:47:18.112930
    Duration: 16.986 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:47:18.130854
    Duration: 45.213 ms
     Changes:
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:47:18.179219
    Duration: 21.548 ms
     Changes:
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 22:47:18.200950
    Duration: 86.558 ms
     Changes:
              ----------
              /tmp/testdir/index.php:
                  ----------
                  diff:
                      New file
                  mode:
                      0644

Summary for centos121
------------
Succeeded: 5 (changed=1)
Failed:    0
------------
Total states run:     5
Total run time: 807.075 ms
[root@centos120 salt]# 

On the client, check that the /tmp/testdir directory exists:

[root@centos121 ~]# ls -ltr /tmp/testdir
total 4
-rw-r--r-- 1 root root 23 Mar  8 22:47 index.php
[root@centos121 ~]# 

13. Running remote commands with SaltStack

Create the state file that runs the commands:

[root@centos120 salt]# vi cmd.sls
[root@centos120 salt]# cat cmd.sls 
cmd_test:
  cmd.run:
  - unless: test -f /tmp/gnu.index
  - names:
      - touch /tmp/cmdfile.index
      - mkdir /tmp/cmd
  - user: root
[root@centos120 salt]#

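Note: unless means that the commands listed under names are run only if the file /tmp/gnu.index does not exist; if the file exists, they are not run. You can also use onlyif, which means the commands are run only if /tmp/gnu.index exists. The two are exact opposites.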

Add the module to the entry-point file:

[root@centos120 salt]# vi top.sls
[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - apache
     - filecopy
     - filedir
     - cmd
[root@centos120 salt]#

Test the command execution:

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:35.762137
    Duration: 635.316 ms
     Changes:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 22:53:36.397764
    Duration: 16.511 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 22:53:36.415052
    Duration: 44.985 ms
     Changes:
----------
          ID: filecopy
    Function: file.managed
        Name: /tmp/test.file
      Result: True
     Comment: File /tmp/test.file is in the correct state
     Started: 22:53:36.463189
    Duration: 21.523 ms
     Changes:
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: The directory /tmp/testdir is in the correct state
     Started: 22:53:36.484894
    Duration: 29.106 ms
     Changes:
----------
          ID: cmd_test
    Function: cmd.run
        Name: touch /tmp/cmdfile.index
      Result: True
     Comment: Command "touch /tmp/cmdfile.index" run
     Started: 22:53:36.522364
    Duration: 31.084 ms
     Changes:
              ----------
              pid:
                  11407
              retcode:
                  0
              stderr:
              stdout:
----------
          ID: cmd_test
    Function: cmd.run
        Name: mkdir /tmp/cmd
      Result: True
     Comment: Command "mkdir /tmp/cmd" run
     Started: 22:53:36.553711
    Duration: 20.647 ms
     Changes:
              ----------
              pid:
                  11409
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 7 (changed=2)
Failed:    0
------------
Total states run:     7
Total run time: 799.172 ms
[root@centos120 salt]# 

Check the result on the client:

[root@centos121 ~]# ls -ltr /tmp/ | tail -2
-rw-r--r-- 1 root root     0 Mar  8 22:53 cmdfile.index
drwxr-xr-x 2 root root     6 Mar  8 22:53 cmd
[root@centos121 ~]# 
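
An added example (not part of the original article): a small Python audit of the JSON form of a highstate result, so that success is decided from each state's result and changes fields instead of by reading the text output. The sample is constructed and assumes the output shape of salt '*' state.highstate --out=json --static; it models a re-run of cmd.sls while /tmp/gnu.index is still absent, in which touch runs again and mkdir fails because /tmp/cmd already exists.

```python
import json

# Constructed sample in the shape of
#   salt '*' state.highstate --out=json --static
# (a re-run of the page's cmd.sls while /tmp/gnu.index is still absent).
SAMPLE = json.dumps({
    "centos121": {
        "file_|-filecopy_|-/tmp/test.file_|-managed": {
            "__run_num__": 0, "result": True, "changes": {},
            "comment": "File /tmp/test.file is in the correct state"},
        "cmd_|-cmd_test_|-touch /tmp/cmdfile.index_|-run": {
            "__run_num__": 1, "result": True, "changes": {"retcode": 0},
            "comment": 'Command "touch /tmp/cmdfile.index" run'},
        "cmd_|-cmd_test_|-mkdir /tmp/cmd_|-run": {
            "__run_num__": 2, "result": False, "changes": {"retcode": 1},
            "comment": 'Command "mkdir /tmp/cmd" run'},
    },
    # A minion whose states fail to render returns a list of error strings.
    "centos122": ["Rendering SLS 'base:cmd' failed (constructed message)"],
})


def audit(raw):
    """Map each minion to the states that failed or reported changes."""
    report = {}
    for minion, states in json.loads(raw).items():
        entry = {"failed": [], "changed": []}
        if isinstance(states, dict):
            ordered = sorted(states.items(),
                             key=lambda kv: kv[1].get("__run_num__", 0))
            for key, ret in ordered:
                # Salt's state key layout: module_|-id_|-name_|-function
                module, state_id, name, func = key.split("_|-")
                label = "%s: %s.%s %s" % (state_id, module, func, name)
                if ret.get("result") is False:
                    entry["failed"].append(label)
                elif ret.get("changes"):
                    entry["changed"].append(label)
        else:  # render or compile error: no state ran at all
            errors = states if isinstance(states, list) else [states]
            entry["failed"] = ["highstate did not run: %s" % e for e in errors]
        report[minion] = entry
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A state that appears under "changed" on every run, as cmd.run does here, means the guard never becomes true, so the highstate cannot be used to tell a converged minion from one that has drifted.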

14. Running remote shell scripts with SaltStack

Create the state file that runs the shell script:

[root@centos120 salt]# vi shell.sls
[root@centos120 salt]# cat shell.sls 
shell_test:
  cmd.script:
  - source: salt://test/gnu.sh
  - user: root
[root@centos120 salt]# 

Create the shell script:

[root@centos120 salt]# vi test/gnu.sh
[root@centos120 salt]# cat test/gnu.sh 
#!/bin/bash
systemctl stop httpd >> /tmp/log

Add the state to the entry-point file:

[root@centos120 salt]# cat top.sls 
base:
  'centos121':
     - shell
[root@centos120 salt]# 

Run the test:

[root@centos120 salt]# salt 'centos121' state.highstate
centos121:
----------
          ID: shell_test
    Function: cmd.script
      Result: True
     Comment: Command 'shell_test' run
     Started: 23:03:13.523069
    Duration: 1064.226 ms
     Changes:
              ----------
              pid:
                  11703
              retcode:
                  0
              stderr:
              stdout:

Summary for centos121
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:   1.064 s
[root@centos120 salt]# 

Check the result:

[root@centos121 ~]# cat /tmp/log 
[root@centos121 ~]# 