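24.1 Introduction to automated operations
Why automated operations:
Traditional operations work is inefficient; most tasks are done by hand
Traditional operations work is tedious and error-prone
Traditional operations work repeats the same tasks every day
Traditional operations work has no standardized process
Traditional operations work accumulates many scripts that are hard to manage
Automated operations aims to solve all of the problems above
Common automated operations tools:
Puppet (www.puppetlabs.com): written in Ruby, client/server architecture, cross-platform; it can manage configuration files, users, cron jobs, packages, system services and more. It comes in a community edition (free) and an enterprise edition (paid); the enterprise edition supports graphical configuration.
Saltstack (site https://saltstack.com, docs docs.saltstack.com): written in Python, client/server architecture, cross-platform, lighter than Puppet, very fast at remote command execution, easier to configure and use than Puppet, and able to do almost everything Puppet can.
Ansible (www.ansible.com): a more streamlined automation tool that needs no agent installed on the client; written in Python. It can batch-configure operating systems, batch-deploy programs and batch-run commands.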
24.2 Installing saltstack
saltstack introduction: https://docs.saltstack.com/en/latest/topics/index.html
- salt-ssh can be used for remote execution, similar to ansible
- client/server mode is also supported; the rest of these notes use that mode, which needs two machines
- 194.130 is the server, 194.132 is the client
1. Set the hostname and hosts entries: arslinux-01, arslinux-02
    [root@arslinux-01 ~]# vim /etc/hosts
    192.168.194.130 arslinux-01
    192.168.194.132 arslinux-02
2. Install the saltstack yum repository on both machines
    [root@arslinux-01 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
    [root@arslinux-02 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
3. Install salt-master and salt-minion on 130, and salt-minion on 132
    [root@arslinux-01 ~]# yum install -y salt-master salt-minion
    [root@arslinux-02 ~]# yum install -y salt-minion
Whichever machine is to act as the control center gets salt-master installed; the other machines only need salt-minion
24.3 Starting the saltstack services
1. Edit the configuration file on 130
    [root@arslinux-01 ~]# vim /etc/salt/minion
    master: arslinux-01
(The space after the colon cannot be omitted, otherwise an error occurs)
2. Start the services salt-master and salt-minion
    [root@arslinux-01 ~]# systemctl start salt-master
    [root@arslinux-01 ~]# systemctl start salt-minion
    [root@arslinux-01 ~]# ps aux|grep salt
    root 44172 0.3 1.3 389376 40932 ? Ss 22:23 0:03 /usr/bin/python /usr/bin/salt-master
    root 44181 0.0 0.6 306024 20072 ? S 22:23 0:00 /usr/bin/python /usr/bin/salt-master
    root 44188 0.0 1.1 469972 34380 ? Sl 22:23 0:00 /usr/bin/python /usr/bin/salt-master
    root 44192 0.0 1.1 388464 34144 ? S 22:23 0:00 /usr/bin/python /usr/bin/salt-master
    root 44193 0.7 1.9 417660 60528 ? S 22:23 0:08 /usr/bin/python /usr/bin/salt-master
    root 44194 0.0 1.1 389120 34820 ? S 22:23 0:00 /usr/bin/python /usr/bin/salt-master
    root 44195 0.0 1.1 765976 35248 ? Sl 22:23 0:00 /usr/bin/python /usr/bin/salt-master
    root 44203 0.3 1.5 487824 49356 ? Sl 22:23 0:04 /usr/bin/python /usr/bin/salt-master
    root 44204 0.3 1.5 487804 49320 ? Sl 22:23 0:04 /usr/bin/python /usr/bin/salt-master
    root 44205 0.3 1.5 487796 49184 ? Sl 22:23 0:04 /usr/bin/python /usr/bin/salt-master
    root 44207 0.3 1.5 487808 49192 ? Sl 22:23 0:04 /usr/bin/python /usr/bin/salt-master
    root 44208 0.3 1.5 487792 49316 ? Sl 22:23 0:04 /usr/bin/python /usr/bin/salt-master
    root 44210 0.2 1.1 463108 35224 ? Sl 22:23 0:02 /usr/bin/python /usr/bin/salt-master
    root 47603 14.0 0.7 314132 21716 ? Ss 22:43 0:00 /usr/bin/python /usr/bin/salt-minion
    root 47606 56.0 1.3 567764 42856 ? Sl 22:43 0:01 /usr/bin/python /usr/bin/salt-minion
    root 47614 0.3 0.6 403864 20176 ? S 22:43 0:00 /usr/bin/python /usr/bin/salt-minion
    root 47685 0.0 0.0 112724 988 pts/0 R+ 22:43 0:00 grep --color=auto salt
3. Edit the configuration file on 132
    [root@arslinux-02 ~]# vim /etc/salt/minion
    master: arslinux-01
    [root@arslinux-02 ~]# systemctl start salt-minion
4. Start the service salt-minion
    [root@arslinux-02 ~]# ps aux|grep salt
    root 14221 33.0 2.1 314028 21740 ? Ss 22:43 0:00 /usr/bin/python /usr/bin/salt-minion
    root 14224 55.5 3.9 466532 39152 ? Sl 22:43 0:01 /usr/bin/python /usr/bin/salt-minion
    root 14232 0.0 2.0 403760 20180 ? S 22:43 0:00 /usr/bin/python /usr/bin/salt-minion
    root 14294 0.0 0.0 112724 988 pts/1 R+ 22:43 0:00 grep --color=auto salt
The server listens on ports 4505 and 4506; 4505 is the message publishing port and 4506 is the port used to communicate with clients
The client does not need to listen on any port
Error:
After starting salt-minion no process could be seen; starting it as below showed an error
    [root@arslinux-01 ~]# /usr/bin/salt-minion start
    /usr/lib/python2.7/site-packages/salt/scripts.py:198: DeprecationWarning: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. Salt will drop support for Python 2.7 in the Sodium release or later.
    [ERROR ] Error parsing configuration file: /etc/salt/minion - conf should be a document, not <type 'unicode'>.
    [ERROR ] Error parsing configuration file: /etc/salt/minion - conf should be a document, not <type 'unicode'>.
It turned out that the space in master: arslinux-01 in /etc/salt/minion cannot be omitted
24.4 Configuring saltstack authentication
How saltstack authentication works:
- The master and the minion need a secure channel to communicate and the traffic has to be encrypted, so authentication must be configured; encryption and decryption are done with key pairs
- On first start the minion generates minion.pem and minion.pub under /etc/salt/pki/minion/; the .pub file is the public key, which it sends to the master
- On first start the master also generates a key pair under /etc/salt/pki/master. When the master receives the public key sent by a minion, that key is accepted with the salt-key tool; once accepted, it is stored in the /etc/salt/pki/master/minions/ directory. The client in turn accepts the public key sent by the master and stores it under /etc/salt/pki/minion as minion_master.pub
The process above is carried out with the salt-key tool
    [root@arslinux-01 ~]# salt-key -a arslinux-02
    The following keys are going to be accepted:
    Unaccepted Keys:
    arslinux-02
    Proceed? [n/Y] y
    Key for minion arslinux-02 accepted.
    [root@arslinux-01 ~]# salt-key
    Accepted Keys:
    arslinux-02
    Denied Keys:
    Unaccepted Keys:
    arslinux-01
    Rejected Keys:
    [root@arslinux-01 ~]# ls /etc/salt/pki/master/minions/
    arslinux-02
    [root@arslinux-01 ~]# cat /etc/salt/pki/master/minions/arslinux-02
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33bNZQ/cEK8v20hVFbb6
    WGMROxv9kGImHyn6OYNfJHFFpiJblgZheeqct0nrUW4TugLv7LI7a3+DXs2JkzqH
    Sh5Q06W1nj4Q0Qv9uGJqf75ZjCvapuCGRR8e79ETbXmhmAwXMmewK8UiWCRFe2/g
    nc/w/2rwk6QIpUsNYLCwPF0FLrdJJJDEcWp93UW0SZXHllkqubsBdHdqo8SZVK0H
    30n2e3dzwwbVqgIV3AE9kp8qevuwq5sJ1XJLV0BcLroTfft4BODttS4AcaVyWmKK
    qNlal3oYYpjXRnJIcZzp5e5srQRjUzFzDKJfS1o6iFf76BuBRnp+eiIx37K05w3d
    SQIDAQAB
    -----END PUBLIC KEY-----[root@arslinux-01 ~]#
salt-key usage:
-a followed by a hostname: accept the specified host
-A accept all hosts
-r followed by a hostname: reject the specified host
-R reject all hosts
-d followed by a hostname: delete the specified host's key
-D delete all hosts' keys
-y skip the interactive prompt, equivalent to answering y
In practice:
    [root@arslinux-01 ~]# salt-key -A
    The following keys are going to be accepted:
    Unaccepted Keys:
    arslinux-01
    Proceed? [n/Y] y
    Key for minion arslinux-01 accepted.
    [root@arslinux-01 ~]# !ls
    ls /etc/salt/pki/master/minions/
    arslinux-01 arslinux-02
    [root@arslinux-01 ~]# salt-key -D
    The following keys are going to be deleted:
    Accepted Keys:
    arslinux-01
    arslinux-02
    Proceed? [N/y] y
    Key for minion arslinux-01 deleted.
    Key for minion arslinux-02 deleted.
    [root@arslinux-01 ~]# ls /etc/salt/pki/master/minions/
    [root@arslinux-01 ~]#
- After deletion the keys cannot be added back directly; the minions have to be restarted so that the master detects them again
    [root@arslinux-01 ~]# salt-key -A -y
    The key glob '*' does not match any unaccepted keys.
    [root@arslinux-01 ~]# systemctl restart salt-minion
    [root@arslinux-02 ~]# systemctl restart salt-minion
    [root@arslinux-01 ~]# salt-key
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    arslinux-01
    arslinux-02
    Rejected Keys:
    [root@arslinux-01 ~]# salt-key -A -y
    The following keys are going to be accepted:
    Unaccepted Keys:
    arslinux-01
    arslinux-02
    Key for minion arslinux-01 accepted.
    Key for minion arslinux-02 accepted.
- Only keys listed under Unaccepted Keys can be acted on by salt-key -r or salt-key -R
    [root@arslinux-01 ~]# salt-key -r arslinux-02
    The key glob 'arslinux-02' does not match any unaccepted keys.
    [root@arslinux-01 ~]# systemctl restart salt-minion
    [root@arslinux-02 ~]# systemctl restart salt-minion
    [root@arslinux-01 ~]# salt-key
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    arslinux-01
    arslinux-02
    Rejected Keys:
    [root@arslinux-01 ~]# salt-key -r arslinux-02
    The following keys are going to be rejected:
    Unaccepted Keys:
    arslinux-02
    Proceed? [n/Y] y
    Key for minion arslinux-02 rejected.
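Added example (not part of the original notes and not Salt's own code): salt-key -A accepts every pending key without looking at it, so this sketch sorts pending keys by comparing each one against a fingerprint recorded out of band, and only the "accept" bucket would be passed to salt-key -a. The fingerprint format (SHA-256 over the PEM body), the pending-key directory argument and the sample keys are assumptions constructed for the demo; on a real master compare the output of salt-key -f <id> with salt-call --local key.finger run on the minion.

```python
import hashlib
import hmac
import os
import tempfile


def pem_fingerprint(pem_text):
    """SHA-256 of the PEM body (BEGIN/END lines dropped) as colon-separated hex pairs."""
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    body = "\n".join(lines[1:-1]).encode()
    digest = hashlib.sha256(body).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def triage_pending(pending_dir, expected):
    """Sort pending minion keys into accept / mismatch / unknown.

    expected maps minion id -> fingerprint recorded out of band on the minion.
    """
    result = {"accept": [], "mismatch": [], "unknown": []}
    for minion_id in sorted(os.listdir(pending_dir)):
        path = os.path.join(pending_dir, minion_id)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="ascii") as fh:
            seen = pem_fingerprint(fh.read())
        want = expected.get(minion_id)
        if want is None:
            # Nobody provisioned this id: leave it pending for a human to review.
            result["unknown"].append(minion_id)
        elif hmac.compare_digest(want.lower(), seen):
            result["accept"].append(minion_id)
        else:
            # Known id, different key: the key was replaced or the id is reused.
            result["mismatch"].append(minion_id)
    return result


def fake_pem(seed):
    """Constructed stand-in for a minion.pub file (not a real RSA key)."""
    body = hashlib.sha256(seed.encode()).hexdigest()
    return "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % body


def demo():
    """Three pending keys: one as provisioned, one swapped, one never provisioned."""
    with tempfile.TemporaryDirectory() as pending:
        keys = {
            "arslinux-01": fake_pem("key-a"),
            "arslinux-02": fake_pem("key-b-swapped"),
            "unlisted-03": fake_pem("key-c"),
        }
        for minion_id, pem in keys.items():
            with open(os.path.join(pending, minion_id), "w", encoding="ascii") as fh:
                fh.write(pem)
        expected = {
            "arslinux-01": pem_fingerprint(fake_pem("key-a")),
            "arslinux-02": pem_fingerprint(fake_pem("key-b")),
        }
        return triage_pending(pending, expected)


if __name__ == "__main__":
    for bucket, ids in demo().items():
        print(bucket, ids)
```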
24.5 Running commands remotely with saltstack
    [root@arslinux-01 ~]# salt-key
    Accepted Keys:
    arslinux-01
    arslinux-02
    Denied Keys:
    Unaccepted Keys:
    Rejected Keys:
salt '*' test.ping tests whether the remote machines are alive
    [root@arslinux-01 ~]# salt '*' test.ping
    arslinux-02:
        True
    arslinux-01:
        True
    [root@arslinux-01 ~]# salt 'arslinux-02' test.ping
    arslinux-02:
        True
Here * means all minions whose keys have been accepted; a single minion can also be named. test.ping tests whether the remote machine is alive
salt '*' cmd.run "command" runs the command on all accepted minions
    [root@arslinux-01 ~]# salt '*' cmd.run 'ip addr'
    arslinux-02:
        1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
            link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
            inet 127.0.0.1/8 scope host lo
               valid_lft forever preferred_lft forever
            inet6 ::1/128 scope host
               valid_lft forever preferred_lft forever
        2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
            link/ether 00:0c:29:14:4f:d9 brd ff:ff:ff:ff:ff:ff
            inet 192.168.194.132/24 brd 192.168.194.255 scope global noprefixroute ens33
               valid_lft forever preferred_lft forever
            inet6 fe80::4c99:ed43:5757:e772/64 scope link noprefixroute
               valid_lft forever preferred_lft forever
    arslinux-01:
        1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
            link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
            inet 127.0.0.1/8 scope host lo
               valid_lft forever preferred_lft forever
            inet6 ::1/128 scope host
               valid_lft forever preferred_lft forever
        2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
            link/ether 00:0c:29:24:ea:f2 brd ff:ff:ff:ff:ff:ff
            inet 192.168.194.130/24 brd 192.168.194.255 scope global noprefixroute ens33
               valid_lft forever preferred_lft forever
            inet 192.168.194.150/24 brd 192.168.194.255 scope global secondary noprefixroute ens33:0
               valid_lft forever preferred_lft forever
            inet6 fe80::c905:5e78:b916:41da/64 scope link noprefixroute
               valid_lft forever preferred_lft forever
        3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
            link/ether 00:0c:29:24:ea:fc brd ff:ff:ff:ff:ff:ff
            inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens37
               valid_lft forever preferred_lft forever
            inet6 fe80::f41:9da7:d8e3:10ba/64 scope link noprefixroute
               valid_lft forever preferred_lft forever
    [root@arslinux-01 ~]# salt 'arslinux-02' cmd.run 'tail -1 /etc/passwd'
    arslinux-02:
        git:x:1001:1001::/home/git:/usr/bin/git-shell
Note: the * here can only match clients whose keys have already been accepted on the master, which can be checked with salt-key; it is normally the id value we configured.
Targeting supports globs, lists and regular expressions. For example, with two clients aming-01 and aming-02 we can write salt 'aming-*', salt 'aming-0[12]', salt -L 'aming-01,aming-02', salt -E 'aming-(01|02)' and so on. A list is several machines separated by commas and requires -L; a regular expression requires the -E option. Targeting also supports grains with the -G option and pillar with the -I option, both covered below
    [root@arslinux-01 ~]# salt 'arslinux-*' cmd.run 'hostname'
    arslinux-01:
        arslinux-01
    arslinux-02:
        arslinux-02
    [root@arslinux-01 ~]# salt 'arslinux-0[12]' cmd.run 'hostname'
    arslinux-02:
        arslinux-02
    arslinux-01:
        arslinux-01
    [root@arslinux-01 ~]# salt -L 'arslinux-01,arslinux-02' cmd.run 'hostname'
    arslinux-02:
        arslinux-02
    arslinux-01:
        arslinux-01
    [root@arslinux-01 ~]# salt -E 'arslinux-[0-9]+' cmd.run 'hostname'
    arslinux-02:
        arslinux-02
    arslinux-01:
        arslinux-01
    [root@arslinux-01 ~]# salt -E 'arslinux-(01|02)' cmd.run 'hostname'
    arslinux-02:
        arslinux-02
    arslinux-01:
        arslinux-01
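Added example (not from the original notes and not Salt's code): a dry-run model of the glob, list (-L), regex (-E) and grain (-G) targeting described above, so a target expression can be checked against a known inventory before it is handed to cmd.run. It assumes that glob targets must match the whole id and that -E patterns are anchored only at the start of the id (Python re.match); the inventory, grains and approved list are constructed.

```python
import fnmatch
import re


def preview_target(minion_ids, tgt, tgt_type="glob", grains=None):
    """Return the sorted minion ids that a target expression would select."""
    if tgt_type == "glob":        # salt 'arslinux-*'
        hit = [m for m in minion_ids if fnmatch.fnmatchcase(m, tgt)]
    elif tgt_type == "list":      # salt -L 'arslinux-01,arslinux-02'
        wanted = set(tgt.split(","))
        hit = [m for m in minion_ids if m in wanted]
    elif tgt_type == "pcre":      # salt -E 'arslinux-(01|02)'
        rx = re.compile(tgt)
        # Assumption: anchored at the start only, so a trailing "$" matters.
        hit = [m for m in minion_ids if rx.match(m)]
    elif tgt_type == "grain":     # salt -G 'role:nginx'
        key, _, want = tgt.partition(":")
        grains = grains or {}
        hit = [m for m in minion_ids
               if key in grains.get(m, {})
               and fnmatch.fnmatchcase(str(grains[m][key]), want)]
    else:
        raise ValueError("unknown target type: %r" % tgt_type)
    return sorted(hit)


def outside_scope(selected, approved):
    """Ids the expression selects that the change was not approved for."""
    return sorted(set(selected) - set(approved))


# Constructed inventory: the two hosts from these notes plus two look-alike ids.
FLEET = ["arslinux-01", "arslinux-02", "arslinux-010", "db-arslinux-01"]
GRAINS = {"arslinux-02": {"env": "test", "role": "nginx"}}
APPROVED = ["arslinux-01", "arslinux-02"]

if __name__ == "__main__":
    cases = [
        ("arslinux-*", "glob"),
        ("arslinux-0[12]", "glob"),
        ("arslinux-01,arslinux-02", "list"),
        ("arslinux-(01|02)", "pcre"),
        ("arslinux-(01|02)$", "pcre"),
        ("role:nginx", "grain"),
    ]
    for tgt, kind in cases:
        selected = preview_target(FLEET, tgt, kind, GRAINS)
        print(kind, repr(tgt), selected, "outside scope:", outside_scope(selected, APPROVED))
```

The unanchored regex also selects arslinux-010, which the anchored form and the glob 'arslinux-0[12]' do not.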
24.6 grains
grains are pieces of information collected when the minion starts, such as the operating system type, network interface IPs, kernel version and CPU architecture
salt 'hostname' grains.ls lists the names of all grains items
    [root@arslinux-01 ~]# salt 'arslinux-01' grains.ls
    arslinux-01:
        - SSDs
        - biosreleasedate
        - biosversion
        - cpu_flags
        - cpu_model
        - cpuarch
        - disks
        - dns
        - domain
        - fqdn
        - fqdn_ip4
        - fqdn_ip6
        - fqdns
        - gid
        - gpus
        - groupname
        - host
        - hwaddr_interfaces
        - id
        - init
        - ip4_gw
        - ip4_interfaces
        - ip6_gw
        - ip6_interfaces
        - ip_gw
        - ip_interfaces
        - ipv4
        - ipv6
        - kernel
        - kernelrelease
        - kernelversion
        - locale_info
        - localhost
        - lsb_distrib_codename
        - lsb_distrib_id
        - machine_id
        - manufacturer
        - master
        - mdadm
        - mem_total
        - nodename
        - num_cpus
        - num_gpus
        - os
        - os_family
        - osarch
        - oscodename
        - osfinger
        - osfullname
        - osmajorrelease
        - osrelease
        - osrelease_info
        - path
        - pid
        - productname
        - ps
        - pythonexecutable
        - pythonpath
        - pythonversion
        - saltpath
        - saltversion
        - saltversioninfo
        - selinux
        - serialnumber
        - server_id
        - shell
        - swap_total
        - systemd
        - uid
        - username
        - uuid
        - virtual
        - zfs_feature_flags
        - zfs_support
        - zmqversion
salt 'arslinux-01' grains.items lists all grains items together with their values
    [root@arslinux-01 ~]# salt 'arslinux-01' grains.items
    arslinux-01:
        ----------
        SSDs:
        biosreleasedate:
            07/02/2015
        biosversion:
            6.00
        cpu_flags:
            - fpu
            - vme
            - de
            - pse
            - tsc
            - msr
            - pae
            - mce
            - cx8
            - apic
            - sep
            - mtrr
            - pge
            - mca
            - cmov
            - pat
            - pse36
            - clflush
            - dts
            - mmx
            - fxsr
            - sse
            - sse2
            - ss
            - syscall
            - nx
            - pdpe1gb
            - rdtscp
            - lm
            - constant_tsc
            - arch_perfmon
            - pebs
            - bts
            - nopl
            - xtopology
            - tsc_reliable
            - nonstop_tsc
            - aperfmperf
            - eagerfpu
            - pni
            - pclmulqdq
            - ssse3
            - fma
            - cx16
            - pcid
            - sse4_1
            - sse4_2
            - x2apic
            - movbe
            - popcnt
            - tsc_deadline_timer
            - aes
            - xsave
            - avx
            - f16c
            - rdrand
            - hypervisor
            - lahf_lm
            - abm
            - 3dnowprefetch
            - epb
            - fsgsbase
            - tsc_adjust
            - bmi1
            - avx2
            - smep
            - bmi2
            - invpcid
            - rdseed
            - adx
            - smap
            - xsaveopt
            - dtherm
            - arat
            - pln
            - pts
            - hwp
            - hwp_notify
            - hwp_act_window
            - hwp_epp
        cpu_model:
            Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
        cpuarch:
            x86_64
        disks:
            - sda
            - sdb
            - sr0
            - dm-0
        dns:
            ----------
            domain:
            ip4_nameservers:
                - 119.29.29.29
            ip6_nameservers:
            nameservers:
                - 119.29.29.29
            options:
            search:
            sortlist:
        domain:
        fqdn:
            arslinux-01
        fqdn_ip4:
            - 192.168.194.130
        fqdn_ip6:
            - fe80::c905:5e78:b916:41da
            - fe80::f41:9da7:d8e3:10ba
        fqdns:
        gid:
            0
        gpus:
            |_
              ----------
              model:
                  SVGA II Adapter
              vendor:
                  vmware
        groupname:
            root
        host:
            arslinux-01
        hwaddr_interfaces:
            ----------
            ens33:
                00:0c:29:24:ea:f2
            ens37:
                00:0c:29:24:ea:fc
            lo:
                00:00:00:00:00:00
        id:
            arslinux-01
        init:
            systemd
        ip4_gw:
            192.168.194.2
        ip4_interfaces:
            ----------
            ens33:
                - 192.168.194.130
                - 192.168.194.150
            ens37:
                - 192.168.100.1
            lo:
                - 127.0.0.1
        ip6_gw:
            False
        ip6_interfaces:
            ----------
            ens33:
                - fe80::c905:5e78:b916:41da
                - 192.168.194.150
            ens37:
                - fe80::f41:9da7:d8e3:10ba
            lo:
                - ::1
        ip_gw:
            True
        ip_interfaces:
            ----------
            ens33:
                - 192.168.194.130
                - fe80::c905:5e78:b916:41da
                - 192.168.194.150
            ens37:
                - 192.168.100.1
                - fe80::f41:9da7:d8e3:10ba
            lo:
                - 127.0.0.1
                - ::1
        ipv4:
            - 127.0.0.1
            - 192.168.100.1
            - 192.168.194.130
            - 192.168.194.150
        ipv6:
            - ::1
            - fe80::f41:9da7:d8e3:10ba
            - fe80::c905:5e78:b916:41da
        kernel:
            Linux
        kernelrelease:
            3.10.0-957.el7.x86_64
        kernelversion:
            #1 SMP Thu Nov 8 23:39:32 UTC 2018
        locale_info:
            ----------
            defaultencoding:
                UTF-8
            defaultlanguage:
                zh_CN
            detectedencoding:
                UTF-8
        localhost:
            arslinux-01
        lsb_distrib_codename:
            CentOS Linux 7 (Core)
        lsb_distrib_id:
            CentOS Linux
        machine_id:
            0b3b2aee4c754c669d6ca09336428b22
        manufacturer:
            VMware, Inc.
        master:
            arslinux-01
        mdadm:
        mem_total:
            2827
        nodename:
            arslinux-01
        num_cpus:
            1
        num_gpus:
            1
        os:
            CentOS
        os_family:
            RedHat
        osarch:
            x86_64
        oscodename:
            CentOS Linux 7 (Core)
        osfinger:
            CentOS Linux-7
        osfullname:
            CentOS Linux
        osmajorrelease:
            7
        osrelease:
            7.6.1810
        osrelease_info:
            - 7
            - 6
            - 1810
        path:
            /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
        pid:
            4817
        productname:
            VMware Virtual Platform
        ps:
            ps -efHww
        pythonexecutable:
            /usr/bin/python
        pythonpath:
            - /usr/bin
            - /usr/lib64/python27.zip
            - /usr/lib64/python2.7
            - /usr/lib64/python2.7/plat-linux2
            - /usr/lib64/python2.7/lib-tk
            - /usr/lib64/python2.7/lib-old
            - /usr/lib64/python2.7/lib-dynload
            - /usr/lib64/python2.7/site-packages
            - /usr/lib/python2.7/site-packages
        pythonversion:
            - 2
            - 7
            - 5
            - final
            - 0
        saltpath:
            /usr/lib/python2.7/site-packages/salt
        saltversion:
            2019.2.0
        saltversioninfo:
            - 2019
            - 2
            - 0
            - 0
        selinux:
            ----------
            enabled:
                False
            enforced:
                Disabled
        serialnumber:
            VMware-56 4d 2d 5f 36 b3 f6 de-b7 99 1d 0c 81 24 ea f2
        server_id:
            858362777
        shell:
            /bin/sh
        swap_total:
            1952
        systemd:
            ----------
            features:
                +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
            version:
                219
        uid:
            0
        username:
            root
        uuid:
            5f2d4d56-b336-def6-b799-1d0c8124eaf2
        virtual:
            VMware
        zfs_feature_flags:
            False
        zfs_support:
            False
        zmqversion:
            4.1.4
- grains information is not dynamic and does not change in real time; it is collected when the minion starts.
- We can use the information collected by grains for configuration management work
Custom grains
1. On the minion, add two lines to /etc/salt/grains and restart salt-minion
    [root@arslinux-02 ~]# vim /etc/salt/grains
    env: test
    role: nginx
    [root@arslinux-02 ~]# systemctl restart salt-minion
2. Fetch the grains from the master
    [root@arslinux-01 ~]# salt '*' grains.item role env
    arslinux-01:
        ----------
        env:
        role:
    arslinux-02:
        ----------
        env:
            test
        role:
            nginx
- Commands can be run based on grains attributes
salt -G key:value operation runs the operation on the minions selected by that grain
    [root@arslinux-01 ~]# salt -G role:nginx cmd.run 'hostname'
    arslinux-02:
        arslinux-02
    [root@arslinux-01 ~]# salt -G role:nginx cmd.run 'ifconfig'
    arslinux-02:
        ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
                inet 192.168.194.132 netmask 255.255.255.0 broadcast 192.168.194.255
                inet6 fe80::4c99:ed43:5757:e772 prefixlen 64 scopeid 0x20<link>
                ether 00:0c:29:14:4f:d9 txqueuelen 1000 (Ethernet)
                RX packets 7957 bytes 1228538 (1.1 MiB)
                RX errors 0 dropped 0 overruns 0 frame 0
                TX packets 7860 bytes 1432289 (1.3 MiB)
                TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

        lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
                inet 127.0.0.1 netmask 255.0.0.0
                inet6 ::1 prefixlen 128 scopeid 0x10<host>
                loop txqueuelen 1000 (Local Loopback)
                RX packets 1019 bytes 89448 (87.3 KiB)
                RX errors 0 dropped 0 overruns 0 frame 0
                TX packets 1019 bytes 89448 (87.3 KiB)
                TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    [root@arslinux-01 ~]# salt -G role:nginx test.ping
    arslinux-02:
        True
Custom grains can be defined for machines of the same kind or group, and those machines can then be operated on remotely through the grains
24.7 pillar
pillar differs from grains: it is defined on the master and holds information defined for specific minions. Important data (passwords) can be stored in pillar, and variables can be defined there as well
Configuring a custom pillar
1. In the configuration file /etc/salt/master, find pillar_roots: and the two lines after it (three lines in total), uncomment them, and restart salt-master
    [root@arslinux-01 ~]# vim /etc/salt/master
    pillar_roots:
      base:
        - /srv/pillar
    [root@arslinux-01 ~]# systemctl restart salt-master
Mind the spaces in the configuration: base is preceded by 2 spaces and - by 4 spaces; they cannot be omitted
2. Create /srv/pillar and, in that directory, create test.sls with the content conf: /etc/123.conf; a second file test2.sls can be created too
    [root@arslinux-01 ~]# mkdir /srv/pillar
    [root@arslinux-01 ~]# vi /srv/pillar/test.sls
    conf: /etc/123.conf
    [root@arslinux-01 ~]# vi /srv/pillar/test2.sls
    dir: /data/123
    [root@arslinux-01 ~]# vi /srv/pillar/top.sls
    base:
      'arslinux-02':
        - test
        - test2    # several can be defined, as needed
3. After changing the pillar configuration files, refresh pillar to pick up the new state; salt-master does not need to be restarted
    [root@arslinux-01 ~]# salt '*' saltutil.refresh_pillar
    arslinux-01:
        True
    arslinux-02:
        True
4. Verify the state
    [root@arslinux-01 ~]# salt '*' pillar.item conf
    arslinux-01:
        ----------
        conf:
    arslinux-02:
        ----------
        conf:
            /etc/123.conf
    [root@arslinux-01 ~]# salt '*' pillar.item conf dir
    arslinux-01:
        ----------
        conf:
        dir:
    arslinux-02:
        ----------
        conf:
            /etc/123.conf
        dir:
            /data/123
- Of course, the parameters for different machines can also be written in the same top.sls, for example:
    base:
      'arslinux-02':
        - test
      'arslinux-01':
        - test2
    [root@arslinux-01 ~]# salt '*' saltutil.refresh_pillar
    arslinux-02:
        True
    arslinux-01:
        True
    [root@arslinux-01 ~]# salt '*' pillar.item conf dir
    arslinux-01:
        ----------
        conf:
        dir:
            /data/123
    arslinux-02:
        ----------
        conf:
            /etc/123.conf
        dir:
Compare this with the result of the earlier run
5. pillar can also be used as a salt target
salt -I 'parameter' test.ping
    [root@arslinux-01 ~]# salt -I 'conf:/etc/123.conf' cmd.run 'w'
    arslinux-02:
         23:21:44 up 1:16, 1 user, load average: 0.00, 0.01, 0.05
        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
        root pts/0 192.168.194.1 22:06 24.00s 0.17s 0.17s -bash
    [root@arslinux-01 ~]# salt -I 'conf:/etc/123.conf' test.ping
    arslinux-02:
        True
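24.8 Installing and configuring httpd
1. In the master configuration file, find file_roots: and enable its file storage directory
    [root@arslinux-01 ~]# vim /etc/salt/master
    file_roots:
      base:
        - /srv/salt/
2. Create the /srv/salt/ directory and change into it
    [root@arslinux-01 ~]# mkdir /srv/salt/
    [root@arslinux-01 ~]# cd !$
    cd /srv/salt/
3. Create top.sls and restart salt-master
    [root@arslinux-01 salt]# vim top.sls
    base:
      '*':
        - httpd
    [root@arslinux-01 salt]# systemctl restart salt-master
This means: run the httpd module on all clients
4. Create httpd.sls
    [root@arslinux-01 salt]# vim httpd.sls
    httpd-service:
      pkg.installed:
        - names:
          - httpd
          - httpd-devel
      service.running:
        - name: httpd
        - enable: True
Note: httpd-service is the name of the id and is user-defined. pkg.installed is the package installation function, followed by the names of the packages to install. service.running is also a function; it makes sure the specified service is running, and enable means start at boot
5. Run the installation
    [root@arslinux-01 salt]# salt 'arslinux-01' state.highstate
After the command is run, salt looks for top.sls under /srv/salt/ and then executes the modules referenced in it
The whole installation runs silently
Before running it, remember to stop any service occupying port 80, otherwise an error is reported and httpd cannot start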
24.9 Configuration management: files
1. Create test.sls on the master
    [root@arslinux-01 salt]# vim test.sls
    file_test:
      file.managed:
        - name: /tmp/arslinux
        - source: salt://test/123/ppp.txt
        - user: root
        - group: root
        - mode: 600
Note: file_test on the first line is a user-defined name for this configuration block and can be referenced from other blocks; the file.managed module takes parameters; name is the path and name of the file created on the minion; source specifies where the file is copied from; here salt://test/123/ppp.txt corresponds to /srv/salt/test/123/ppp.txt
2. Create the ppp.txt file
    [root@arslinux-01 salt]# mkdir test
    [root@arslinux-01 salt]# mkdir test/123/
    [root@arslinux-01 salt]# cp /etc/inittab test/123/ppp.txt
3. Change top.sls
    [root@arslinux-01 salt]# vim top.sls
    base:
      '*':
        - test
4. Run it
    [root@arslinux-01 salt]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: file_test
        Function: file.managed
            Name: /tmp/arslinux
          Result: True
         Comment: File /tmp/arslinux updated
         Started: 22:43:37.846500
        Duration: 167.482 ms
         Changes:
                  ----------
                  diff:
                      New file

    Summary for arslinux-02
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1
    Total run time: 167.482 ms
5. On the minion, check whether the file was created
    [root@arslinux-02 ~]# ll /tmp/arslinux
    -rw------- 1 root root 511 8月 3 22:43 /tmp/arslinux
24.10 Configuration management: directories
1. Create testdir.sls on the master
    [root@arslinux-01 salt]# vim testdir.sls
    file_dir:
      file.recurse:
        - name: /tmp/testdir
        - source: salt://test/123
        - user: root
        - file_mode: 640
        - dir_mode: 750
        - mkdir: True
        - clean: True
Note: with clean set, files or directories deleted at the source are also deleted on the target (the minion); without it they are not deleted. The other parameters are similar to those used for managing files
2. Change top.sls; the entry can simply be appended
    [root@arslinux-01 salt]# echo ' - testdir' >> top.sls
    [root@arslinux-01 salt]# cat top.sls
    base:
      '*':
        - test
        - testdir
3. Run it
    [root@arslinux-01 salt]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: file_test
        Function: file.managed
            Name: /tmp/arslinux
          Result: True
         Comment: File /tmp/arslinux is in the correct state
         Started: 23:00:27.660586
        Duration: 95.354 ms
         Changes:
    ----------
              ID: file_dir
        Function: file.recurse
            Name: /tmp/testdir
          Result: True
         Comment: Recursively updated /tmp/testdir
         Started: 23:00:27.756271
        Duration: 325.589 ms
         Changes:
                  ----------
                  /tmp/testdir/ppp.txt:
                      ----------
                      diff:
                          New file
                      mode:
                          0640

    Summary for arslinux-02
    ------------
    Succeeded: 2 (changed=1)
    Failed: 0
    ------------
    Total states run: 2
    Total run time: 420.943 ms
4. On the minion, check that the directory was created and that the permissions are correct
    [root@arslinux-02 ~]# ll /tmp/testdir/
    總用量 4
    -rw-r----- 1 root root 511 8月 3 23:00 ppp.txt
    [root@arslinux-02 ~]# ll -d /tmp/testdir/
    drwxr-x--- 2 root root 21 8月 3 23:00 /tmp/testdir/
5. Running state.highstate again now reports errors, because /test/123/ no longer exists
    [root@arslinux-01 salt]# cd test/
    [root@arslinux-01 test]# mkdir abc
    [root@arslinux-01 test]# touch 123.txt
    [root@arslinux-01 test]# rm -rf 123
    [root@arslinux-01 test]# ls
    123.txt abc
    [root@arslinux-01 test]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: file_test
        Function: file.managed
            Name: /tmp/arslinux
          Result: False
         Comment: Source file salt://test/123/ppp.txt not found in saltenv 'base'
         Started: 23:08:19.655224
        Duration: 140.84 ms
         Changes:
    ----------
              ID: file_dir
        Function: file.recurse
            Name: /tmp/testdir
          Result: False
         Comment: Recurse failed: none of the specified sources were found
         Started: 23:08:19.796420
        Duration: 32.291 ms
         Changes:

    Summary for arslinux-02
    ------------
    Succeeded: 0
    Failed: 2
    ------------
    Total states run: 2
    Total run time: 173.131 ms
Because /test/123/ was deleted, the operations that depend on that directory fail
6. To fix this, remove test from top.sls so it is no longer referenced
    [root@arslinux-01 salt]# vim top.sls
    base:
      '*':
        - testdir
7. Create /srv/salt/test/123/
    [root@arslinux-01 salt]# mkdir test/123/
    [root@arslinux-01 salt]# mv test/abc test/123.txt test/123/
8. Run it again
    [root@arslinux-01 salt]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: file_dir
        Function: file.recurse
            Name: /tmp/testdir
          Result: True
         Comment: Recursively updated /tmp/testdir
         Started: 23:16:26.961983
        Duration: 420.045 ms
         Changes:
                  ----------
                  /tmp/testdir/123.txt:
                      ----------
                      diff:
                          New file
                      mode:
                          0640
                  removed:
                      - /tmp/testdir/ppp.txt

    Summary for arslinux-02
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1
    Total run time: 420.045 ms
9. The minion did not sync the abc directory because abc is empty; a directory must be non-empty to be synced
    [root@arslinux-02 ~]# ll /tmp/testdir/
    總用量 0
    -rw-r----- 1 root root 0 8月 3 23:16 123.txt
24.11 Configuration management: remote commands
1. Edit top.sls
    [root@arslinux-01 salt]# vim top.sls
    base:
      '*':
        - shell_test
2. Create shell_test.sls
    [root@arslinux-01 salt]# vim shell_test.sls
    hell_test:
      cmd.script:
        - source: salt://test/1.sh
        - user: root
3. Create the script 1.sh
    [root@arslinux-01 salt]# vim test/1.sh
    #!/bin/bash
    touch /tmp/111.txt
    if [ ! -d /tmp/1233 ]
    then
        mkdir /tmp/1233
    fi
4. Run it
    [root@arslinux-01 salt]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: hell_test
        Function: cmd.script
          Result: True
         Comment: Command 'hell_test' run
         Started: 16:54:25.741342
        Duration: 168.634 ms
         Changes:
                  ----------
                  pid:
                      4413
                  retcode:
                      0
                  stderr:
                  stdout:

    Summary for arslinux-02
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1
    Total run time: 168.634 ms
5. Check on the minion
    [root@arslinux-02 ~]# ll /tmp/
    總用量 4
    -rw-r--r-- 1 root root 0 8月 4 16:54 111.txt
    drwxr-xr-x 2 root root 6 8月 4 16:54 1233
    -rw------- 1 root root 511 8月 3 22:43 arslinux
24.12 Configuration management: scheduled tasks
1. Edit top.sls
    [root@arslinux-01 salt]# vim top.sls
    base:
      '*':
        - cron_test
2. Create cron_test.sls
    [root@arslinux-01 salt]# vim cron_test.sls
    cron_test:
      cron.present:
        - name: /bin/touch /tmp/12121212.txt
        - user: root
        - minute: '20'
        - hour: 17
        - daymonth: '*'
        - month: '*'
        - dayweek: '*'
Note: * must be wrapped in single quotes. We can of course also use the file.managed module to manage cron, since the system's cron jobs exist as configuration files
- To delete this cron, add:
    cron.absent:
      - name: /bin/touch /tmp/12121212.txt
The two cannot coexist; to delete a cron, the earlier present has to be removed
3. Run it
    [root@arslinux-01 salt]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: cron_test
        Function: cron.present
            Name: /bin/touch /tmp/12121212.txt
          Result: True
         Comment: Cron /bin/touch /tmp/12121212.txt added to root's crontab
         Started: 17:16:36.800747
        Duration: 543.17 ms
         Changes:
                  ----------
                  root:
                      /bin/touch /tmp/12121212.txt

    Summary for arslinux-02
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1
    Total run time: 543.170 ms
4. Check on the minion
    [root@arslinux-02 ~]# date
    2019年 08月 04日 星期日 17:18:11 CST
    [root@arslinux-02 ~]# ll /tmp/
    總用量 4
    -rw-r--r-- 1 root root 0 8月 4 16:54 111.txt
    drwxr-xr-x 2 root root 6 8月 4 16:54 1233
    -rw------- 1 root root 511 8月 3 22:43 arslinux
    [root@arslinux-02 ~]# crontab -l
    # Lines below here are managed by Salt, do not edit
    # SALT_CRON_IDENTIFIER:/bin/touch /tmp/12121212.txt
    20 17 * * * /bin/touch /tmp/12121212.txt
5. Check the minion again after 17:20
    [root@arslinux-02 ~]# ll /tmp/
    總用量 4
    -rw-r--r-- 1 root root 0 8月 4 16:54 111.txt
    -rw-r--r-- 1 root root 0 8月 4 17:20 12121212.txt
    drwxr-xr-x 2 root root 6 8月 4 16:54 1233
    -rw------- 1 root root 511 8月 3 22:43 arslinux
It worked
6. Once the entry has been added, do not change the minion's crontab on your own, otherwise the entry is added again the next time the master runs salt
    [root@arslinux-02 ~]# crontab -e
    crontab: installing new crontab
    [root@arslinux-02 ~]# crontab -l
    # SALT_CRON_IDENTIFIER:/bin/touch /tmp/12121212.txt
    20 17 * * * /bin/touch /tmp/12121212.txt
    [root@arslinux-01 salt]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: cron_test
        Function: cron.present
            Name: /bin/touch /tmp/12121212.txt
          Result: True
         Comment: Cron /bin/touch /tmp/12121212.txt added to root's crontab
         Started: 17:29:33.617502
        Duration: 491.19 ms
         Changes:
                  ----------
                  root:
                      /bin/touch /tmp/12121212.txt

    Summary for arslinux-02
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1
    Total run time: 491.190 ms
    [root@arslinux-02 ~]# crontab -l
    # SALT_CRON_IDENTIFIER:/bin/touch /tmp/12121212.txt
    20 17 * * * /bin/touch /tmp/12121212.txt
    # Lines below here are managed by Salt, do not edit
    # SALT_CRON_IDENTIFIER:/bin/touch /tmp/12121212.txt
    20 17 * * * /bin/touch /tmp/12121212.txt
- Note the hint # Lines below here are managed by Salt, do not edit
We must not change it arbitrarily, otherwise this cron can no longer be deleted or modified
7. First restore the minion's crontab to the correct state
    [root@arslinux-02 ~]# crontab -e
    crontab: installing new crontab
    [root@arslinux-02 ~]# crontab -l
    # Lines below here are managed by Salt, do not edit
    # SALT_CRON_IDENTIFIER:/bin/touch /tmp/12121212.txt
    20 17 * * * /bin/touch /tmp/12121212.txt
8. On the master, delete the crontab entry using the cron.absent: module
    [root@arslinux-01 salt]# vim cron_test.sls
    cron_test:
      cron.absent:
        - name: /bin/touch /tmp/12121212.txt
    [root@arslinux-01 salt]# salt 'arslinux-02' state.highstate
    arslinux-02:
    ----------
              ID: cron_test
        Function: cron.absent
            Name: /bin/touch /tmp/12121212.txt
          Result: True
         Comment: Cron /bin/touch /tmp/12121212.txt removed from root's crontab
         Started: 17:34:42.720616
        Duration: 437.822 ms
         Changes:
                  ----------
                  root:
                      /bin/touch /tmp/12121212.txt

    Summary for arslinux-02
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1
    Total run time: 437.822 ms
    [root@arslinux-02 ~]# crontab -l
    # Lines below here are managed by Salt, do not edit
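Added example (not from the original notes): a check for the state shown in step 6, which parses crontab -l output and reports Salt-tagged jobs that sit above the "managed by Salt" marker, together with jobs that now exist on both sides of it. The sample crontabs are the three shown in this section; the function and field names are hypothetical.

```python
MARKER = "# Lines below here are managed by Salt, do not edit"
TAG = "SALT_CRON_IDENTIFIER:"


def audit_crontab(text):
    """Split Salt-tagged cron jobs into managed (below the marker) and orphaned."""
    managed, orphaned = [], []
    below_marker = False
    pending_id = None                      # identifier from the preceding comment line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == MARKER:
            below_marker, pending_id = True, None
            continue
        if line.startswith("#"):
            if TAG in line:
                pending_id = line.split(TAG, 1)[1].strip()
            continue
        entry = {"identifier": pending_id, "job": line}
        if below_marker:
            managed.append(entry)
        elif pending_id is not None:
            # Tagged by Salt but no longer under the marker: the crontab was hand-edited.
            orphaned.append(entry)
        pending_id = None                  # untagged jobs above the marker are ordinary user jobs
    duplicated = sorted({e["job"] for e in orphaned} & {e["job"] for e in managed})
    return {"managed": managed, "orphaned": orphaned, "duplicated": duplicated}


# The three crontab states shown in this section.
AS_WRITTEN_BY_SALT = """\
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/12121212.txt
20 17 * * * /bin/touch /tmp/12121212.txt
"""

HAND_EDITED = """\
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/12121212.txt
20 17 * * * /bin/touch /tmp/12121212.txt
"""

AFTER_NEXT_HIGHSTATE = HAND_EDITED + AS_WRITTEN_BY_SALT

if __name__ == "__main__":
    for label, text in [("as written by salt", AS_WRITTEN_BY_SALT),
                        ("hand edited", HAND_EDITED),
                        ("after next highstate", AFTER_NEXT_HIGHSTATE)]:
        report = audit_crontab(text)
        print(label, "managed:", len(report["managed"]),
              "orphaned:", len(report["orphaned"]),
              "duplicated:", report["duplicated"])
```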
24.13 Other commands
cp.get_file copies a file from the master to the clients
cp.get_dir copies a directory from the master to the clients
    [root@arslinux-01 salt]# cp /etc/passwd test/1.txt
    [root@arslinux-01 salt]# salt '*' cp.get_file salt://test/1.txt /tmp/1234567.txt
    arslinux-02:
        /tmp/1234567.txt
    arslinux-01:
        /tmp/1234567.txt
    [root@arslinux-01 salt]# salt '*' cp.get_dir salt://test/123/ /tmp/
    arslinux-01:
        - /tmp//123/123.txt
        - /tmp//123/abc
    arslinux-02:
        - /tmp//123/123.txt
        - /tmp//123/abc
salt-run manage.up shows the minions that are alive
salt '*' cmd.script salt://script runs a shell script stored on the master from the command line
    [root@arslinux-01 salt]# salt-run manage.up
    - arslinux-01
    - arslinux-02
    [root@arslinux-01 salt]# salt '*' cmd.script salt://test/1.sh
    arslinux-01:
        ----------
        pid:
            21621
        retcode:
            0
        stderr:
        stdout:
    arslinux-02:
        ----------
        pid:
            7289
        retcode:
            0
        stderr:
        stdout:
24.14 Using salt-ssh
salt-ssh does not require authenticating the client, and the client does not need salt-minion installed; it is similar to pssh/expect
1. Install salt-ssh
    [root@arslinux-01 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
    [root@arslinux-01 ~]# yum install -y salt-ssh
2. Edit the roster configuration file
    [root@arslinux-01 ~]# vim /etc/salt/roster
    arslinux-01:
      host: 192.168.194.130
      user: root
      passwd: xxxxxxx
    arslinux-02:
      host: 192.168.194.132
      user: root
      passwd: xxxxxxx
3. Test whether login works
    [root@arslinux-01 ~]# salt-ssh --key-deploy '*' -r 'w'
    [ERROR ] Failed collecting tops for Python binary python3.
    arslinux-02:
        ----------
        retcode:
            0
        stderr:
        stdout:
            root@192.168.194.132's password:
             19:25:46 up 2:42, 1 user, load average: 0.00, 0.06, 0.09
            USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
            root pts/0 192.168.194.1 16:44 1:50m 0.09s 0.09s -bash
    arslinux-01:
        ----------
        retcode:
            0
        stderr:
        stdout:
            root@192.168.194.130's password:
             19:25:46 up 2:42, 1 user, load average: 0.45, 0.22, 0.17
            USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
            root pts/0 192.168.194.1 16:44 10.00s 9.07s 0.04s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
    [root@arslinux-01 ~]# date
    2019年 08月 04日 星期日 19:27:10 CST
    [root@arslinux-01 ~]# ll /root/.ssh/authorized_keys
    -rw-r--r--. 1 root root 1191 8月 4 19:25 /root/.ssh/authorized_keys
    [root@arslinux-02 ~]# ll /root/.ssh/authorized_keys
    -rw-r--r--. 1 root root 1199 8月 4 19:25 /root/.ssh/authorized_keys
The public key has been transferred
4. Delete the passwords from roster and run again; login still works
    [root@arslinux-01 ~]# salt-ssh --key-deploy '*' -r 'w'
    arslinux-02:
        ----------
        retcode:
            0
        stderr:
        stdout:
             19:30:23 up 2:47, 1 user, load average: 0.00, 0.03, 0.06
            USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
            root pts/0 192.168.194.1 16:44 1:27 0.10s 0.10s -bash
    arslinux-01:
        ----------
        retcode:
            0
        stderr:
        stdout:
             19:30:23 up 2:47, 1 user, load average: 0.25, 0.18, 0.16
            USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
            root pts/0 192.168.194.1 16:44 7.00s 1.49s 0.02s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
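Added example (not from the original notes): step 4 removes the passwords from the roster once the key has been deployed, and this audit flags any roster that still carries a passwd entry or is readable by group or other. The parser handles only the flat two-level layout used above and enforces the space after the colon; the file contents and finding texts are constructed.

```python
import os
import stat
import tempfile


def parse_roster(text):
    """Parse the flat '<id>:' / '  key: value' layout used by the roster above."""
    hosts, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not raw[0].isspace():                       # top-level "<id>:" line
            if not stripped.endswith(":"):
                raise ValueError("expected '<id>:' but got %r" % raw)
            current = hosts.setdefault(stripped[:-1], {})
            continue
        key, sep, value = stripped.partition(":")
        # A value must be separated from the colon by a space.
        if not sep or current is None or (value and not value.startswith(" ")):
            raise ValueError("expected 'key: value' but got %r" % raw)
        current[key.strip()] = value.strip()
    return hosts


def audit_roster(path):
    """Return (target, issue) findings for one roster file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(("<file>", "mode %04o is accessible to group/other" % mode))
    with open(path, encoding="utf-8") as fh:
        hosts = parse_roster(fh.read())
    for target in sorted(hosts):
        if hosts[target].get("passwd"):
            findings.append((target, "plaintext passwd still present"))
    return findings


# Constructed roster contents matching steps 2 and 4.
WITH_PASSWORDS = """\
arslinux-01:
  host: 192.168.194.130
  user: root
  passwd: xxxxxxx
arslinux-02:
  host: 192.168.194.132
  user: root
  passwd: xxxxxxx
"""

AFTER_KEY_DEPLOY = """\
arslinux-01:
  host: 192.168.194.130
  user: root
arslinux-02:
  host: 192.168.194.132
  user: root
"""


def demo(text, mode):
    """Write text to a temporary roster with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "roster")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit_roster(path)


if __name__ == "__main__":
    for label, text, mode in [("step 2", WITH_PASSWORDS, 0o644),
                              ("step 4", AFTER_KEY_DEPLOY, 0o600)]:
        print(label, demo(text, mode))
```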