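Traditional operations: inefficient. Most work has to be done by hand, it is tedious and error-prone, the same tasks are repeated every day, there is no standardized process, and the many scripts are hard to manage.
Automated operations: solves all of the problems above.
Common automation tools: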
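- Puppet: written in Ruby, client/server (C/S) architecture, multi-platform. It can manage configuration files, users, cron jobs, packages, system services and more. It comes in a community and an enterprise edition; the enterprise edition supports graphical configuration.
- SaltStack: written in Python, C/S architecture, multi-platform, lighter than Puppet, very fast at remote command execution, easier to configure and use than Puppet, and able to do almost everything Puppet can.
- Ansible: a more streamlined automation tool that needs no agent software on the client; written in Python. It can batch-configure operating systems, batch-deploy programs and batch-run commands.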
SaltStack documentation: https://docs.saltstack.com/en/latest/topics/index.html
Ways to operate SaltStack:
- Remote execution over salt-ssh, similar to Ansible
- Client/server (C/S) mode
Here we use C/S mode, which needs three machines:
hostname | IP | Role |
---|---|---|
ying01 | 192.168.112.136 | master |
ying02 | 192.168.112.138 | minion |
ying03 | 192.168.112.139 | minion |
First, set up /etc/hosts on ying01, ying02 and ying03:
```bash
# vim /etc/hosts        # same entries on all three machines
192.168.112.136 ying01
192.168.112.138 ying02
192.168.112.139 ying03
```
On ying01:
Install the repo package, then install the salt-master and salt-minion packages:
```bash
[root@ying01 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.no
[root@ying01 ~]# yum install -y salt-master salt-minion
```
Edit the configuration file:
```bash
[root@ying01 ~]# vim /etc/salt/minion
# change the line "#master: salt" to:
master: ying01
```
Start the salt-master service, then check the processes and the listening ports:
```bash
[root@ying01 ~]# systemctl start salt-master; systemctl start salt-minion     # start the salt-master and salt-minion services
[root@ying01 ~]# ps aux |grep salt
root 8784 4.0 0.7 313768 21396 ? Ss 20:41 0:00 /usr/bin/python /usr/bin/salt-minion
root 8789 29.2 1.4 565120 42440 ? Sl 20:41 0:03 /usr/bin/python /usr/bin/salt-minion
root 8800 0.6 0.6 403988 20088 ? S 20:41 0:00 /usr/bin/python /usr/bin/salt-minion
root 8892 0.0 0.0 112720 984 pts/0 S+ 20:41 0:00 grep --color=auto salt
root 36595 0.0 1.1 389140 34820 ? Ss 12:21 0:03 /usr/bin/python /usr/bin/salt-master
root 36609 0.0 0.6 306180 19468 ? S 12:21 0:00 /usr/bin/python /usr/bin/salt-master
root 36619 0.0 1.1 469796 33192 ? Sl 12:21 0:00 /usr/bin/python /usr/bin/salt-master
root 36620 0.0 1.1 388000 33160 ? R 12:21 0:02 /usr/bin/python /usr/bin/salt-master
root 36624 0.7 2.3 424356 67020 ? S 12:21 3:47 /usr/bin/python /usr/bin/salt-master
root 36625 0.0 1.1 388988 33904 ? S 12:21 0:02 /usr/bin/python /usr/bin/salt-master
root 36626 0.1 1.1 462872 34596 ? Sl 12:21 0:48 /usr/bin/python /usr/bin/salt-master
root 36628 0.0 1.1 765624 34060 ? Sl 12:21 0:00 /usr/bin/python /usr/bin/salt-master
root 36636 0.0 1.6 484820 46944 ? Sl 12:21 0:04 /usr/bin/python /usr/bin/salt-master
root 36639 0.0 1.6 484824 46864 ? Sl 12:21 0:04 /usr/bin/python /usr/bin/salt-master
root 36640 0.0 1.6 484824 46864 ? Sl 12:21 0:03 /usr/bin/python /usr/bin/salt-master
root 36643 0.0 1.6 484828 47284 ? Sl 12:21 0:07 /usr/bin/python /usr/bin/salt-master
root 36644 0.0 1.6 484836 46916 ? Sl 12:21 0:03 /usr/bin/python /usr/bin/salt-master
[root@ying01 ~]# netstat -lntp|grep python
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 36619/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 36628/python
```
On ying02 and ying03:
Install the repo package, then install the salt-minion package (note: clients only install the minion package):
```bash
[root@ying02 ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.no
[root@ying02 ~]# yum install -y salt-minion
```
Edit the configuration file:
```bash
[root@ying02 ~]# vim /etc/salt/minion
# change the line "#master: salt" to:
master: ying01      # the master's hostname; ying03 uses the same value
```
Start the salt-minion service and check the processes. (Note: the minion does not listen on any port; only the master does.)
```bash
[root@ying02 ~]# systemctl start salt-minion
[root@ying02 ~]# ps aux |grep salt
root 5978 0.7 1.1 313768 21396 ? Ss 12:14 0:00 /usr/bin/python /usr/bin/salt-minion
root 5981 3.3 2.2 567256 42456 ? Sl 12:14 0:01 /usr/bin/python /usr/bin/salt-minion
root 5989 0.0 1.0 403992 20088 ? S 12:14 0:00 /usr/bin/python /usr/bin/salt-minion
root 6068 0.0 0.0 112720 980 pts/0 S+ 12:15 0:00 grep --color=auto salt
```
ying03 and ying02 are both clients, so the steps are the same on each.
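Communication between master and minion:
- A secure channel has to be established and the traffic must be encrypted, so authentication has to be configured; encryption and decryption rely on key pairs.
The authentication process:
- On first start, the minion generates minion.pem and minion.pub under /etc/salt/pki/minion/. The .pub file is the public key, which the minion sends to the master.
- On first start, the master also generates a key pair under /etc/salt/pki/master. Once the master has received a minion's public key and the key has been accepted with the salt-key tool, the accepted key is stored under /etc/salt/pki/master/minions/. The client in turn receives the master's public key and stores it in /etc/salt/pki/minion as minion_master.pub.
- The exchange is managed with the salt-key tool.
- salt-key usage:

Option | Effect |
---|---|
-a | followed by a hostname; accept the specified host |
-A | accept all hosts |
-r | followed by a hostname; reject the specified host |
-R | reject all hosts |
-d | followed by a hostname; delete the specified host's key |
-D | delete all hosts' keys |
-y | skip the interactive prompt, as if y had been pressed |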
On ying02 and ying03, once salt-minion has started, the private and public keys exist under /etc/salt/pki/minion/:
```bash
[root@ying02 ~]# ls /etc/salt/pki/minion/                  # the minion's private and public keys
minion.pem  minion.pub
[root@ying02 ~]# cat /etc/salt/pki/minion/minion.pub       # the minion's public key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KYLLEjj/ScVG3Tn7Ads
TdiXrZyKffzqzT94i6brSuZpJ8CF0C5O4GxeX3lTmlzjG2bBJuJKabijbIITG5Xo
p8cJh3G2f2g3vpOXo22pBGS6qHIhSp82KkPv6DK0BxwtcltLcLiR1jEcGJRdfMaI
XA7R9Yn5+9seyZwaJ1XFfhFURLWcn5lARgBPlDFVh2AZZRkGE0R9s5QSVpeoymVu
/i1piY36jKAE6+X2Fs3k6tIHDToeewPBPMkS/kBA0gu+yHDIM+aPsf6C6we1+uDj
7IUxBGnyaEKt7iSVjkIbcfq5279L6t0DKAJ/w0nu2N7FFolyROt8CvEkmXVl+Ojr
5wIDAQAB
-----END PUBLIC KEY-----
[root@ying02 ~]# ^C
[root@ying02 ~]# ls /etc/salt/pki/minion/minion.pem        # the minion's private key file
/etc/salt/pki/minion/minion.pem
```
On ying01, the master key pair is generated under /etc/salt/pki/master:
```bash
[root@ying01 ~]# ls /etc/salt/pki/master/
master.pem  master.pub  minions  minions_autosign  minions_denied  minions_pre  minions_rejected
[root@ying01 ~]# ls -l /etc/salt/pki/master/minions        # no minion key has been accepted yet, so the directory is empty
總用量 0
[root@ying01 ~]# ls -l /etc/salt/pki/master/master.pem     # the master's private key file
-r-------- 1 root root 1678 9月 6 22:40 /etc/salt/pki/master/master.pem
[root@ying01 ~]# cat /etc/salt/pki/master/master.pub       # the master's public key file
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOluTrUZxwa2YHWeJl9A
VRCMW0eyYYPhHCbt+dkKsFY9HYOHfWqdcgGg8ZZwelBbHeEbZOqRXM7ofPucm5z9
124+Wp65kgKJpdSmfwFmge+ZZ38uYoQYG2QUDPIaefAk95DquGpTLXLz9BA3YC/K
iKEffkM4jS0CgyWD4191Wdmt79/VkO0nK3/QQrtAg3SXAOo2P5JEhrJE0wyk2U0j
iF0t+hV9WJ9/ENdYjirq6R9leT/qp3ZoounboyIIqbEdjVzhGxahtOaoPz5Js6e3
vbvun2H5/GYzSHkPQcUAub7Uh+O2smN6c7P7svVK8Hmkf0RlQD+Sy/FDkt1G1jaX
ZwIDAQAB
-----END PUBLIC KEY-----
```
Now accept ying02 and ying03 with the salt-key tool: salt-key -a hostname
```bash
[root@ying01 ~]# salt-key -a ying02      # accept ying02
The following keys are going to be accepted:
Unaccepted Keys:
ying02
Proceed? [n/Y] y
Key for minion ying02 accepted.
[root@ying01 ~]# salt-key -a ying03      # accept ying03
The following keys are going to be accepted:
Unaccepted Keys:
ying03
Proceed? [n/Y] y
Key for minion ying03 accepted.
[root@ying01 ~]# salt-key -L             # list all minion keys; -L can be omitted
Accepted Keys:
ying02
ying03
Denied Keys:
Unaccepted Keys:
ying01
Rejected Keys:
[root@ying01 ~]# ls /etc/salt/pki/master/minions           # master/minions now holds the keys of ying02 and ying03
ying02  ying03
[root@ying01 ~]# cat /etc/salt/pki/master/minions/ying02   # the ying02 file is the public key from the ying02 machine
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KYLLEjj/ScVG3Tn7Ads
TdiXrZyKffzqzT94i6brSuZpJ8CF0C5O4GxeX3lTmlzjG2bBJuJKabijbIITG5Xo
p8cJh3G2f2g3vpOXo22pBGS6qHIhSp82KkPv6DK0BxwtcltLcLiR1jEcGJRdfMaI
XA7R9Yn5+9seyZwaJ1XFfhFURLWcn5lARgBPlDFVh2AZZRkGE0R9s5QSVpeoymVu
/i1piY36jKAE6+X2Fs3k6tIHDToeewPBPMkS/kBA0gu+yHDIM+aPsf6C6we1+uDj
7IUxBGnyaEKt7iSVjkIbcfq5279L6t0DKAJ/w0nu2N7FFolyROt8CvEkmXVl+Ojr
5wIDAQAB
-----END PUBLIC KEY-----
[root@ying01 ~]# cat /etc/salt/pki/master/minions/ying03   # the ying03 file is the public key from the ying03 machine
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowYYFMxw2mCZ+p21DfbO
1riksVAUXUzHV0nmVrhWB9Q21VeDSuHPxeAV9qdFZB0q2RNrHlG9JV02fjqgN5e7
TtOhJNRrDNb8G2ySz1UAhfu6RrsKM7UgKRj2enJVbXR7TI7w91QWoXKRUIWcu4rs
l/XvCUvKdzdde9I3Qtk8JGQjfBT132hFR+FgUIoZ3u+C1Fo7nzfSYrmqN7P/ndFy
URbqjJdS4rG10NvV5b8tbc403CAkp1NzjnfQzYKLuzZbRvRTze9axtOOBUJobdeX
oOQPHFFemLzpvB7JD+WBdswOKD7h5QfqdQFfcyyT74gKleb1yJInwg+H4O/7czyW
gwIDAQAB
-----END PUBLIC KEY-----
```
Accept all hosts: salt-key -A
```bash
[root@ying01 ~]# salt-key -A          # accept all hosts
The following keys are going to be accepted:
Unaccepted Keys:
ying01
Proceed? [n/Y] y
Key for minion ying01 accepted.
[root@ying01 ~]# salt-key             # same as salt-key -L
Accepted Keys:
ying01
ying02
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@ying01 ~]# ls /etc/salt/pki/master/minions     # ying01's public key has now been added as well
ying01  ying02  ying03
```
Delete all hosts' keys: salt-key -D
```bash
[root@ying01 ~]# salt-key -D          # delete all accepted hosts
The following keys are going to be deleted:
Accepted Keys:
ying01
ying02
ying03
Proceed? [N/y] y
Key for minion ying01 deleted.
Key for minion ying02 deleted.
Key for minion ying03 deleted.
[root@ying01 ~]# ls -l /etc/salt/pki/master/minions     # the minions directory is now empty
總用量 0
```
To accept the hosts again you can use salt-key -A, but salt-minion must first be restarted on all three machines: systemctl restart salt-minion
```bash
[root@ying01 ~]# systemctl restart salt-minion     # also restart salt-minion on ying02 and ying03
[root@ying01 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
ying01
ying02
ying03
Proceed? [n/Y] y
Key for minion ying01 accepted.
Key for minion ying02 accepted.
Key for minion ying03 accepted.
[root@ying01 ~]# salt-key -L
Accepted Keys:
ying01
ying02
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@ying01 ~]# ls /etc/salt/pki/master/minions     # the three keys are back
ying01  ying02  ying03
```
Delete one accepted host: salt-key -d ying02 -y
```bash
[root@ying01 ~]# salt-key -d ying02 -y
The following keys are going to be deleted:
Accepted Keys:
ying02
Key for minion ying02 deleted.
[root@ying01 ~]# salt-key
Accepted Keys:
ying01
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
```
To accept ying02 again, restart the service on ying02 first: systemctl restart salt-minion.
```bash
[root@ying01 ~]# salt-key
Accepted Keys:
ying01
ying03
Denied Keys:
Unaccepted Keys:          # ying02 now appears under Unaccepted Keys
ying02
Rejected Keys:
[root@ying01 ~]# salt-key -r ying02 -y     # reject ying02 directly
The following keys are going to be rejected:
Unaccepted Keys:
ying02
Key for minion ying02 rejected.
[root@ying01 ~]# salt-key
Accepted Keys:
ying01
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:            # ying02 is now under Rejected Keys
ying02
```
To accept it again, first delete ying02's key, restart the service on the ying02 machine, then accept it with -a:
```bash
[root@ying01 ~]# salt-key -d ying02 -y
The following keys are going to be deleted:
Rejected Keys:
ying02
Key for minion ying02 deleted.
[root@ying01 ~]# salt-key
Accepted Keys:
ying01
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@ying01 ~]# salt-key -a ying02 -y
The following keys are going to be accepted:
Unaccepted Keys:
ying02
Key for minion ying02 accepted.
[root@ying01 ~]# salt-key
Accepted Keys:
ying01
ying02
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
```
About salt-key showing an unexpected minion name
```bash
[root@ying01 ~]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
www.qq.com          # this should be ying01
ying02
ying03
Rejected Keys:
```
This only happened in the first experiment: while testing domain names, /etc/hosts contained the entry 192.168.112.136 www.qq.com
```bash
[root@ying01 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
113.108.182.52 www.hao123.com www.baidu.com
192.168.112.136 www.qq.com www.126.com     # this entry interferes with the experiment; comment it out before starting the salt services
127.0.0.1 ying.com
192.168.112.136 ying01
192.168.112.138 ying02
192.168.112.139 ying03
```
One point remains unresolved, although it does not affect the experiment.
My understanding is that, since ying01 has also been accepted by itself, the content of /master/minions/ying01 should be the same as the master.pub public key, but below they are clearly different.
```bash
[root@ying01 ~]# cat /etc/salt/pki/master/master.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20gzxxsQbHB4+ugOBuOP
JUna9bUojcp38obTJ+1Ku3ZQS9RDvfIV1XBfwrMo6cKPR1WtVCwv+wkTBwU9ZXAs
lvOwq4H0W2z/ccV+9OOCmHclxfH6A13Kh7hvgEqCRYIWUMO5nKad/DCmfuVUDprf
XxEdOzJlDwWnvLYCq0Xj07BTwfyFOF/an8X/2PVEtiQF0inVr0t4f853/mxNZkj6
u+cAUINPdJUy+267/wfVzh6qKjedGgW036D28mChS/Fd95M5mWdytNdxkx3vtTEo
WHD7wprVItNsjZ8YNTRc50IVbfhm4qUV5JMNAahTTMomBmPHR9F07URjxw7yXZHm
LQIDAQAB
-----END PUBLIC KEY-----
[root@ying01 ~]# cat /etc/salt/pki/master/minions/ying01
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyejgyMDuYRLwG71rKhOB
U/tCyPdgQ8t4Z+lv15nY+1ScOKTnScv4Y4Kn8tMD+ySc/soWSUlwFkHZkI3/Qub5
INaMj1d9IMQFuVMyjzVGxeVajv1wb7AL4S5tssy6eax+kNmrv4FRW19m5s4NVi/i
exa7/71r2mAIp7DOyLwYmyuH72HTpwElVRzr1xIKOcMLO0ipmtCEmXcdwe90KxUZ
2eM+zCP3fcxOY0nfE1aGbHwQCz3FnQgfJ1kHbjlxkmprwxo/t4R6NvOF/w1/9p+y
po2pd25GYL5RxTNtZKPjVwFmux4NDMWO3XTkPJjutj+7J5U7nSpqW4GTIXn3t2uC
+wIDAQAB
-----END PUBLIC KEY-----
```
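Accepting with salt-key -A trusts whatever is waiting under Unaccepted Keys, including an unexpected ID such as the www.qq.com entry seen above. The following added example (not part of the original post) reviews pending keys against fingerprints collected out of band before anything is accepted; the sample keys are constructed placeholders and the function names are hypothetical.

```python
import hashlib
import hmac


def pem_fingerprint(pem_text):
    """Colon-separated SHA-256 over the PEM body (BEGIN/END lines dropped).

    Used here only to compare key files with each other; it is not claimed
    to reproduce the exact string that salt-key prints.
    """
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    if (len(lines) < 3 or not lines[0].startswith("-----BEGIN")
            or not lines[-1].startswith("-----END")):
        raise ValueError("not a PEM block")
    digest = hashlib.sha256("".join(lines[1:-1]).encode("ascii")).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def review_pending(pending, trusted):
    """Decide what to do with each key waiting for acceptance.

    pending: {minion_id: pem_text}, e.g. the files under minions_pre/
    trusted: {minion_id: fingerprint} recorded on each minion out of band
    Returns {minion_id: "accept" | "mismatch" | "unknown-id" | "malformed"}.
    """
    verdicts = {}
    for minion_id in sorted(pending):
        if minion_id not in trusted:
            # An ID nobody enrolled (like www.qq.com above) is never accepted.
            verdicts[minion_id] = "unknown-id"
            continue
        try:
            seen = pem_fingerprint(pending[minion_id])
        except (ValueError, UnicodeEncodeError):
            verdicts[minion_id] = "malformed"
            continue
        same = hmac.compare_digest(seen, trusted[minion_id])
        verdicts[minion_id] = "accept" if same else "mismatch"
    return verdicts


def _pem(body):
    return "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % body


# Constructed sample data: placeholder bodies, not real key material.
KEY_YING02 = _pem("Q09OU1RSVUNURUQtS0VZLVlJTkcwMg==")
KEY_YING03 = _pem("Q09OU1RSVUNURUQtS0VZLVlJTkcwMw==")
KEY_OTHER = _pem("Q09OU1RSVUNURUQtS0VZLU9USEVS")

# Fingerprints the administrator wrote down on ying02 and ying03 themselves.
TRUSTED = {
    "ying02": pem_fingerprint(KEY_YING02),
    "ying03": pem_fingerprint(KEY_YING03),
}

# What is waiting on the master: ying03 presents a different key than
# expected, and an ID that was never enrolled shows up as well.
PENDING = {
    "ying02": KEY_YING02,
    "ying03": KEY_OTHER,
    "www.qq.com": KEY_OTHER,
}

if __name__ == "__main__":
    for minion_id, verdict in review_pending(PENDING, TRUSTED).items():
        print("%-12s %s" % (minion_id, verdict))
```

On a live system the two values to compare are the output of `salt-key -f <id>` on the master and of `salt-call --local key.finger` on the minion; only IDs that come back as "accept" are passed to `salt-key -a`.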
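salt '*' test.ping: test whether all accepted hosts are alive
```bash
[root@ying01 ~]# salt '*' test.ping
ying02:
    True
ying03:
    True
ying01:
    True
```
Note: the * here only covers clients whose keys have already been accepted on the master, which you can list with salt-key; these are usually the id values we configured. You can also target a single accepted host, for example salt 'ying01' test.ping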
salt '*' cmd.run "command": run a command on all accepted hosts
```bash
[root@ying01 ~]# salt '*' cmd.run "hostname"                  # show the hostname of every machine
ying03:
    ying03
ying02:
    ying02
ying01:
    ying01
[root@ying01 ~]# salt '*' cmd.run "tail -n2 /etc/passwd"      # show the last two lines of /etc/passwd on every host
ying03:
    nginx:x:997:995:Nginx web server:/var/lib/nginx:/sbin/nologin
    mongod:x:996:994:mongod:/var/lib/mongo:/bin/false
ying02:
    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
    git:x:1001:1001::/home/git:/usr/bin/git-shell
ying01:
    gitlab-psql:x:991:987::/var/opt/gitlab/postgresql:/bin/sh
    gitlab-prometheus:x:990:986::/var/opt/gitlab/prometheus:/bin/sh
[root@ying01 ~]# salt 'ying01' cmd.run "hostname"             # ying01 only
ying01:
    ying01
[root@ying01 ~]# salt 'ying02' cmd.run "hostname"
ying02:
    ying02
[root@ying01 ~]# salt 'ying*' cmd.run "hostname"              # wildcards (glob patterns) are supported
ying03:
    ying03
ying01:
    ying01
ying02:
    ying02
[root@ying01 ~]# salt 'ying0[23]' cmd.run "hostname"          # 02 and 03 only
ying03:
    ying03
ying02:
    ying02
```
salt -L 'ying01,ying03' cmd.run "hostname": target several named hosts, separated by commas
```bash
[root@ying01 ~]# salt -L 'ying01,ying03' cmd.run "hostname"
ying01:
    ying01
ying03:
    ying03
```
salt -E 'ying[0-9]+' cmd.run "hostname": -E enables regular expressions
```bash
[root@ying01 ~]# salt -E 'ying[0-9]+' cmd.run "hostname"
ying01:
    ying01
ying02:
    ying02
ying03:
    ying03
[root@ying01 ~]# salt -E 'ying0[0-9]' cmd.run "hostname"
ying02:
    ying02
ying01:
    ying01
ying03:
    ying03
[root@ying01 ~]# salt -E 'ying[0-9]' cmd.run "hostname"
ying03:
    ying03
ying02:
    ying02
ying01:
    ying01
[root@ying01 ~]# salt -E 'ying(02|03)' cmd.run "hostname"
ying03:
    ying03
ying02:
    ying02
```
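Because cmd.run executes on every minion the target matches, it pays to resolve a target against the accepted-key list before running anything. The following added example (not from the original post) models the three target types used above; the extra minion ID `ying030-db` is constructed, and the function names are hypothetical.

```python
import fnmatch
import re

# Accepted minion IDs from the page, plus one constructed ID to show overreach.
ACCEPTED = ["ying01", "ying02", "ying03", "ying030-db"]


def resolve(tgt, minions, kind="glob"):
    """Return the minion IDs a target expression selects.

    kind="glob" models the default target, "list" models -L, "pcre" models -E.
    The pcre case uses re.match (anchored at the start only), an assumption
    that is consistent with the output above, where -E 'ying[0-9]' selected
    ying01, ying02 and ying03.
    """
    if kind == "glob":
        hit = [m for m in minions if fnmatch.fnmatchcase(m, tgt)]
    elif kind == "list":
        wanted = {t.strip() for t in tgt.split(",") if t.strip()}
        hit = [m for m in minions if m in wanted]
    elif kind == "pcre":
        rx = re.compile(tgt)
        hit = [m for m in minions if rx.match(m)]
    else:
        raise ValueError("unknown target type: %r" % kind)
    return sorted(hit)


def overreach(tgt, minions, intended, kind="glob"):
    """Minions the expression selects that the operator did not intend."""
    return sorted(set(resolve(tgt, minions, kind)) - set(intended))


if __name__ == "__main__":
    intended = ["ying02", "ying03"]
    checks = [
        ("ying0[23]", "glob"),        # glob must match the whole ID
        ("ying02,ying03", "list"),    # explicit list, no pattern at all
        ("ying(02|03)", "pcre"),      # prefix match also hits ying030-db
        ("ying(02|03)$", "pcre"),     # end anchor closes the gap
    ]
    for tgt, kind in checks:
        print("%-5s %-15s selects %s, unintended: %s" % (
            kind, tgt, resolve(tgt, ACCEPTED, kind),
            overreach(tgt, ACCEPTED, intended, kind)))
```

An explicit -L list or an end-anchored pattern keeps the selection from growing when a new minion with a similar name is accepted later.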
Grains are pieces of information collected when the minion starts, such as operating system type, NIC IP addresses, kernel version and CPU architecture.
On the master ying01, list the grain names on ying02:
```bash
[root@ying01 ~]# salt 'ying02' grains.ls
ying02:
    - SSDs
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - disks
    - dns
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - gid
    - gpus
    - groupname
    - host
    - hwaddr_interfaces
    - id
    - init
    - ip4_gw
    - ip4_interfaces
    - ip6_gw
    - ip6_interfaces
    - ip_gw
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - kernelversion
    - locale_info
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_id
    - machine_id
    - manufacturer
    - master
    - mdadm
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osmajorrelease
    - osrelease
    - osrelease_info
    - path
    - pid
    - productname
    - ps
    - pythonexecutable
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - selinux
    - serialnumber
    - server_id
    - shell
    - swap_total
    - systemd
    - uid
    - username
    - uuid
    - virtual
    - zfs_feature_flags
    - zfs_support
    - zmqversion
```
salt 'ying02' grains.items: list the grains on ying02 together with their values
```bash
[root@ying01 ~]# salt 'ying02' grains.items      # only part of the output is shown, to save space
ying02:
    ----------
    SSDs:
    biosreleasedate:
        07/31/2013
    biosversion:
        6.00
    cpu_flags:
        - fpu
        - vme
        - de
        - pse
        - tsc
        - msr
        - pae
```
salt 'ying02' grains.item dns: show the dns grain on ying02 and its value
```bash
[root@ying01 ~]# salt 'ying02' grains.item dns
ying02:
    ----------
    dns:
        ----------
        domain:
        ip4_nameservers:
            - 119.29.29.29
        ip6_nameservers:
        nameservers:
            - 119.29.29.29
        options:
        search:
        sortlist:
[root@ying01 ~]# salt 'ying02' grains.item hwaddr_interfaces      # likewise, show the hwaddr_interfaces grain
ying02:
    ----------
    hwaddr_interfaces:
        ----------
        ens33:
            00:0c:29:c6:2c:24
        ens37:
            00:0c:29:c6:2c:2e
        lo:
            00:00:00:00:00:00
```
On the client ying02, create the file /etc/salt/grains and restart the salt-minion service:
```bash
[root@ying02 ~]# vim /etc/salt/grains
role: nginx
env: test
[root@ying02 ~]# systemctl restart salt-minion.service
```
salt '*' grains.item role env: show the values of the role and env grains
```bash
[root@ying01 ~]# salt '*' grains.item role env
ying02:
    ----------
    env:
        test
    role:
        nginx
ying03:
    ----------
    env:
        test
    role:
        httpd
ying01:
    ----------
    env:
    role:
[root@ying01 ~]# salt '*' grains.item feng      # no grain named feng is defined, so the value is empty
ying02:
    ----------
    feng:
ying03:
    ----------
    feng:
ying01:
    ----------
    feng:
```
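Pillar differs from grains: it is defined on the master and holds data targeted at specific minions. Sensitive data such as passwords can be stored in pillar, and it can also define variables.
On the master (ying01), edit /etc/salt/master to enable the pillar configuration:
```bash
[root@ying01 ~]# vim /etc/salt/master
#pillar_roots:        # remove the leading #
#  base:              # remove the leading #
#    - /srv/pillar    # remove the leading #
```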
Restart the salt-master service and create the directory defined in the master configuration file:
```bash
[root@ying01 ~]# systemctl restart salt-master
[root@ying01 ~]# mkdir /srv/pillar
```
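Change into that directory and create the sub-configuration file test.sls. Salt does not load this file directly; a top file has to reference it.
```bash
[root@ying01 ~]# cd /srv/pillar
[root@ying01 pillar]# vim test.sls
conf: /etc/123.conf
```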
Create the top file top.sls:
```bash
[root@ying01 pillar]# vim /srv/pillar/top.sls
base:
  'ying02':       # for minion ying02
    - test        # load the test configuration
```
After changing pillar files, refresh pillar to pick up the new pillar state:
```bash
[root@ying01 pillar]# salt '*' saltutil.refresh_pillar      # refresh
ying02:
    True
ying01:
    True
ying03:
    True
[root@ying01 pillar]# salt '*' pillar.item conf
ying02:
    ----------
    conf:
        /etc/123.conf
ying01:
    ----------
    conf:
ying03:
    ----------
    conf:
```
Create the sub-configuration files test2.sls and test3.sls:
```bash
[root@ying01 pillar]# vim test2.sls
zzz: /date/test2
[root@ying01 pillar]# vim test3.sls
qqq: /tmp/test3
```
Then add these two sub-configuration files to the top file:
```bash
[root@ying01 pillar]# vim top.sls
base:
  'ying02':
    - test
    - test1
  'ying03':
    - test2
    - test3
```
Query the items www, conf, zzz and qqq:
```bash
[root@ying01 pillar]# salt '*' saltutil.refresh_pillar
ying02:
    True
ying03:
    True
ying01:
    True
[root@ying01 pillar]# salt '*' pillar.item www conf zzz qqq
ying03:
    ----------
    conf:
    qqq:
        /tmp/test3
    www:
    zzz:
        /date/test2
ying02:
    ----------
    conf:
        /etc/123.conf
    qqq:
    www:
        /date/123
    zzz:
ying01:
    ----------
    conf:
    qqq:
    www:
    zzz:
```
For example, test4 defines three items, which is equivalent to including three sub-configuration files:
```bash
[root@ying01 pillar]# vim test4.sls
AAA: /tmp/test3
BBB: /tmp/ok
CCC: /tmp/nba
[root@ying01 pillar]# vim top.sls       # add test4 to the top file top.sls
base:
  'ying02':
    - test
    - test1
  'ying03':
    - test2
    - test3
  'ying01':
    - test4
```
Refresh and test; all the items in test4 are listed:
```bash
[root@ying01 pillar]# salt '*' saltutil.refresh_pillar      # refresh the configuration
[root@ying01 pillar]# salt '*' pillar.item AAA BBB CCC
ying01:
    ----------
    AAA:
        /tmp/test3
    BBB:
        /tmp/ok
    CCC:
        /tmp/nba
ying03:
    ----------
    AAA:
    BBB:
    CCC:
ying02:
    ----------
    AAA:
    BBB:
    CCC:
```
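Since pillar is where passwords end up, the top file decides which minion can read which secret. The following added example (not from the original post) models the pillar top file above as Python dictionaries and reports keys that reach more minions than intended; the `secrets` SLS, its `db_password` key and the `'*'` entry are constructed, the content of test1 is inferred from the pillar.item output, and the function names are hypothetical.

```python
import fnmatch

MINIONS = ["ying01", "ying02", "ying03"]

# Pillar SLS files from the page, as dictionaries.
SLS = {
    "test": {"conf": "/etc/123.conf"},
    "test1": {"www": "/date/123"},   # inferred from the output; file not shown
    "test2": {"zzz": "/date/test2"},
    "test3": {"qqq": "/tmp/test3"},
    "test4": {"AAA": "/tmp/test3", "BBB": "/tmp/ok", "CCC": "/tmp/nba"},
    "secrets": {"db_password": "<placeholder>"},   # constructed for the example
}

# The page's final top.sls (base environment).
TOP = {
    "ying02": ["test", "test1"],
    "ying03": ["test2", "test3"],
    "ying01": ["test4"],
}

# Constructed mistake: the secret is attached to every minion via '*'.
TOP_LEAKY = {**TOP, "*": ["secrets"]}

# Constructed fix: the secret is attached only to the minion that needs it.
TOP_FIXED = {**TOP, "ying02": ["test", "test1", "secrets"]}


def pillar_for(minion_id, top, sls):
    """Merge every SLS whose glob target matches this minion ID."""
    merged = {}
    for target, names in top.items():
        if fnmatch.fnmatchcase(minion_id, target):
            for name in names:
                merged.update(sls[name])
    return merged


def readers(key, minions, top, sls):
    """Minion IDs whose compiled pillar contains the key."""
    return sorted(m for m in minions if key in pillar_for(m, top, sls))


def overexposed(allowed, minions, top, sls):
    """allowed: {key: set of minion IDs that may read it}.

    Returns {key: [minions that can read it but should not]}.
    """
    report = {}
    for key, permitted in allowed.items():
        extra = [m for m in readers(key, minions, top, sls)
                 if m not in permitted]
        if extra:
            report[key] = extra
    return report


if __name__ == "__main__":
    policy = {"db_password": {"ying02"}}
    print("conf readers:", readers("conf", MINIONS, TOP, SLS))
    print("leaky top   :", overexposed(policy, MINIONS, TOP_LEAKY, SLS))
    print("fixed top   :", overexposed(policy, MINIONS, TOP_FIXED, SLS))
```

On a live master, `salt '*' pillar.item <key>` as used above gives the same per-minion view for a single key.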
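On the master (ying01), edit /etc/salt/master and enable the file_roots configuration:
```bash
[root@ying01 ~]# vim /etc/salt/master
# file_roots:         # remove the leading #
#   base:             # remove the leading #; indent with 2 spaces
#     - /srv/salt/    # remove the leading #; indent with 4 spaces
```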
Restart the salt-master service and create the directory defined in the master configuration file:
```bash
[root@ying01 ~]# systemctl restart salt-master
[root@ying01 ~]# mkdir /srv/salt
[root@ying01 ~]# cd /srv/salt/
```
Create the top file; it says to load the httpd module on all hosts:
```bash
[root@ying01 salt]# vim /srv/salt/top.sls
base:
  '*':          # asterisk: all accepted hosts
    - httpd     # load the httpd module
```
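Create the httpd module configuration file:
```bash
[root@ying01 salt]# vim httpd.sls
httpd-service:            # state ID; can be any name
  pkg.installed:          # package installation function
    - names:              # packages to install; for a single package write "- names: httpd" on one line
      - httpd             # package 1
      - httpd-devel       # package 2
  service.running:        # ensures the given service is running
    - name: httpd         # the service to start is httpd
    - enable: True        # True means start at boot
```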
Check whether httpd is installed on the three machines; system service units live in /lib/systemd/system:
```bash
[root@ying01 salt]# ls /lib/systemd/system |grep httpd      # ying01 has the httpd service
httpd.service
[root@ying02 ~]# ls /lib/systemd/system |grep httpd         # ying02 does not have it
[root@ying03 ~]# ls /lib/systemd/system |grep httpd         # ying03 does not have it
```
From ying01, install the httpd service on ying02:
```bash
[root@ying01 salt]# salt-key                          # accepted hosts
Accepted Keys:
ying01
ying02
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@ying01 salt]# salt 'ying02' state.highstate     # state.highstate loads the modules listed in /srv/salt/top.sls
```
Running salt 'ying02' state.highstate is fairly slow, because the client ying02 is running yum install httpd httpd-devel. While the command runs on the master, the client installs in the background; on ying02 you can see the yum and httpd processes, which shows that the httpd service is being handled via the master machine
```bash
[root@ying02 ~]# ps aux |grep yum
root 26256 2.5 1.5 328292 28268 ? Sl 10:45 0:00 /usr/bin/python /usr/bin/yum --quiet --assumeyes check-update --setopt=autocheck_running_kernel=false
root 26284 0.0 0.0 112720 980 pts/0 S+ 10:45 0:00 grep --color=auto yum
[root@ying02 ~]# ps aux |grep yum
root 26323 44.7 3.8 517040 71984 ? S 10:46 0:01 /usr/bin/python /usr/bin/yum -y install httpd
root 26334 0.0 0.0 112720 984 pts/0 S+ 10:46 0:00 grep --color=auto yum
[root@ying02 ~]# ps aux |grep httpd
root 26323 1.9 3.8 517068 72132 ? S 10:46 0:01 /usr/bin/python /usr/bin/yum -y install httpd
root 26404 0.0 0.0 112720 984 pts/0 S+ 10:47 0:00 grep --color=auto httpd
```
A few minutes later, the result is reported back on the master:
```bash
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: httpd-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 11:12:04.700830
    Duration: 880.223 ms
     Changes:
----------
          ID: httpd-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 11:12:05.581273
    Duration: 28.955 ms
     Changes:
----------
          ID: httpd-service
    Function: service.running
        Name: httpd
      Result: False      # an error
     Comment: Running scope as unit run-27315.scope.
              Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
     Started: 11:12:05.611094
    Duration: 123.602 ms
     Changes:

Summary for ying02
------------
Succeeded: 2
Failed:    1
------------
Total states run:     3
Total run time:   1.033 s
ERROR: Minions returned with non-zero exit code
```
The output above shows that the service.running state failed, which means httpd could not start.
On the client ying02, check the log:
```bash
[root@ying02 ~]# cat /var/log/salt/minion |grep httpd
2018-09-09 10:50:24,722 [salt.loaded.int.module.cmdmod:753 ][ERROR ][26156] Command '[u'systemd-run', u'--scope', u'systemctl', 'start', u'httpd.service']' failed with return code: 1
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
```
Listing the listening ports shows that port 80, which httpd needs, is held by nginx; stop the nginx service:
```bash
[root@ying02 ~]# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 535/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1023/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 836/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1064/master
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 867/zabbix_agentd
tcp 0 0 192.168.112.138:27017 0.0.0.0:* LISTEN 1151/mongod
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1151/mongod
tcp6 0 0 :::111 :::* LISTEN 535/rpcbind
tcp6 0 0 :::22 :::* LISTEN 836/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1064/master
tcp6 0 0 :::10050 :::* LISTEN 867/zabbix_agentd
[root@ying02 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 肯定 ]
```
Now start the httpd service:
```bash
[root@ying02 ~]# systemctl start httpd
[root@ying02 ~]# netstat -lnpt |grep httpd
tcp6 0 0 :::80 :::* LISTEN 28117/httpd
[root@ying02 ~]# ps aux |grep httpd
root 28117 0.0 0.2 224020 4996 ? Ss 11:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 28118 0.0 0.1 224020 2948 ? S 11:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 28119 0.0 0.1 224020 2948 ? S 11:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 28120 0.0 0.1 224020 2948 ? S 11:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 28121 0.0 0.1 224020 2948 ? S 11:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 28122 0.0 0.1 224020 2948 ? S 11:36 0:00 /usr/sbin/httpd -DFOREGROUND
root 28147 0.0 0.0 112720 984 pts/0 S+ 11:37 0:00 grep --color=auto httpd
```
OK, it started. The lesson: when installing remotely with Salt, check whether services already running on the client will conflict with what is about to be installed.
Run it once more to verify:
```bash
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: httpd-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: All specified packages are already installed
     Started: 11:52:08.191272
    Duration: 988.077 ms
     Changes:
----------
          ID: httpd-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: All specified packages are already installed
     Started: 11:52:09.179540
    Duration: 25.382 ms
     Changes:
----------
          ID: httpd-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is in the desired state
     Started: 11:52:09.205649
    Duration: 187.809 ms
     Changes:
              ----------
              httpd:
                  True

Summary for ying02
------------
Succeeded: 3 (changed=1)
Failed:    0
------------
Total states run:     3
Total run time:   1.201 s
```
To install on all accepted hosts, just change ying02 to *:
```bash
[root@ying01 salt]# salt-key
Accepted Keys:
ying01
ying02
ying03
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@ying01 salt]# salt '*' state.highstate
```
To install on only some hosts, remove the key acceptance of the hosts that should be skipped:
```bash
[root@ying01 salt]# salt-key
Accepted Keys:
ying02
ying03
Denied Keys:
Unaccepted Keys:
ying01
Rejected Keys:
[root@ying01 salt]# salt '*' state.highstate
```
Note: state.highstate reads the top.sls file of every environment (including the base environment) and runs the sls files listed in it; sls files that are not listed in top.sls are not executed.
Create test.sls with the following content:
```bash
[root@ying01 salt]# pwd
/srv/salt
[root@ying01 salt]# vim test.sls
file_test:                              # state ID; can be any name
  file.managed:
    - name: /tmp/ying.com               # the name (target path)
    - source: salt://test/123/1.txt     # the source; salt:// is /srv/salt/ (set in the master configuration file)
    - user: root                        # owner
    - group: root                       # group
    - mode: 600                         # file permissions
```
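What file_test means: the file 1.txt in the given directory is synced to the file ying.com. When 1.txt changes, ying.com is kept identical to it, with the specified owner, group and permissions.
Create the directory and file referenced in test.sls:
```bash
[root@ying01 salt]# mkdir -p test/123/         # create the nested directories
[root@ying01 salt]# touch test/123/1.txt       # create 1.txt
[root@ying01 salt]# tree
.
├── httpd.sls
├── test
│   └── 123
│       └── 1.txt
├── test.sls
└── top.sls

2 directories, 4 files
```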
Edit top.sls to define the environment and the sls files to run:
```bash
[root@ying01 salt]# vim top.sls
base:
  '*':
    - test
```
Apply the top file to the accepted host ying02:
```bash
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/ying.com
      Result: True      # ran successfully
     Comment: File /tmp/ying.com updated
     Started: 23:50:10.716486
    Duration: 428.142 ms
     Changes:
              ----------
              diff:
                  New file

Summary for ying02
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 428.142 ms
```
1.txt is empty, so the file ying.com on ying02 is empty as well:
```bash
[root@ying02 ~]# ls -lt /tmp/ying.com
-rw------- 1 root root 0 9月 9 23:50 /tmp/ying.com
```
Write some content into 1.txt:
```bash
[root@ying01 salt]# echo "AAAAAAAA" >> ./test/123/1.txt
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/ying.com
      Result: True
     Comment: File /tmp/ying.com updated
     Started: 23:54:30.173156
    Duration: 70.924 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -0,0 +1 @@
                  +AAAAAAAA

Summary for ying02
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:  70.924 ms
```
On the client ying02, the content of /tmp/ying.com now matches 1.txt:
```bash
[root@ying02 ~]# ls -lt /tmp/ying.com
-rw------- 1 root root 9 9月 9 23:54 /tmp/ying.com
[root@ying02 ~]# cat /tmp/ying.com
AAAAAAAA
```
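Next, create the file test_dir.sls:
```bash
[root@ying01 salt]# pwd
/srv/salt
[root@ying01 salt]# vim test_dir.sls
file_dir:
  file.recurse:
    - name: /tmp/testdir
    - source: salt://test/123     # sync the 123 directory
    - user: root
    - file_mode: 640              # file permissions
    - dir_mode: 750               # directory permissions
    - mkdir: True                 # True creates the directory automatically
    - clean: True                 # files or directories deleted on the master are removed on the client too
```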
Edit top.sls and add the test_dir module:
```bash
[root@ying01 salt]# vim top.sls
base:
  '*':
    - test
    - test_dir
```
Apply top.sls to the accepted host ying02:
```bash
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/ying.com
      Result: True
     Comment: File /tmp/ying.com is in the correct state
     Started: 19:29:26.543760
    Duration: 211.749 ms
     Changes:
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 19:29:26.755899
    Duration: 155.935 ms
     Changes:
              ----------
              /tmp/testdir/1.txt:
                  ----------
                  diff:
                      New file
                  mode:
                      0640

Summary for ying02
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
Total states run:     2
Total run time: 367.684 ms
```
On the client ying02, the directory /tmp/testdir and the file 1.txt inside it have been created:
```bash
[root@ying02 ~]# ls -ld /tmp/testdir       # directory mode is 750
drwxr-x--- 2 root root 19 9月 10 19:29 /tmp/testdir
[root@ying02 ~]# ls -l /tmp/testdir        # file mode is 640
總用量 4
-rw-r----- 1 root root 9 9月 10 19:29 1.txt
[root@ying02 ~]# tree /tmp/testdir/
/tmp/testdir/
└── 1.txt
```
Now, on the master (ying01), create a subdirectory 456 under the 123 directory:
```bash
[root@ying01 salt]# mkdir test/123/456
[root@ying01 salt]# tree
.
├── httpd.sls
├── test
│   └── 123
│       ├── 1.txt
│       ├── 2.txt
│       └── 456
├── test_dir.sls
├── test.sls
└── top.sls

3 directories, 6 files
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/ying.com
      Result: True
     Comment: File /tmp/ying.com is in the correct state
     Started: 19:39:28.107455
    Duration: 72.394 ms
     Changes:
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: The directory /tmp/testdir is in the correct state
     Started: 19:39:28.180151
    Duration: 77.957 ms
     Changes:

Summary for ying02
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time: 150.351 ms
```
On the client ying02, however, no 456 directory has been created under /tmp/testdir:
```bash
[root@ying02 ~]# tree /tmp/testdir/
/tmp/testdir/
├── 1.txt
└── 2.txt

0 directories, 2 files
```
Note: if the source directory contains an empty directory (456), that directory (456) is not created on the client.
On the master (ying01), create the file 8.txt in the 456 directory so that it is no longer empty:
```bash
[root@ying01 salt]# touch test/123/456/8.txt
[root@ying01 salt]# tree
.
├── httpd.sls
├── test
│   └── 123
│       ├── 1.txt
│       ├── 2.txt
│       └── 456
│           └── 8.txt
├── test_dir.sls
├── test.sls
└── top.sls

3 directories, 7 files
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: file_test
    Function: file.managed
        Name: /tmp/ying.com
      Result: True
     Comment: File /tmp/ying.com is in the correct state
     Started: 19:41:22.171153
    Duration: 56.488 ms
     Changes:
----------
          ID: file_dir
    Function: file.recurse
        Name: /tmp/testdir
      Result: True
     Comment: Recursively updated /tmp/testdir
     Started: 19:41:22.227945
    Duration: 202.525 ms
     Changes:
              ----------
              /tmp/testdir/456:
                  ----------
                  /tmp/testdir/456:
                      New Dir
              /tmp/testdir/456/8.txt:
                  ----------
                  diff:
                      New file
                  mode:
                      0640

Summary for ying02
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
Total states run:     2
Total run time: 259.013 ms
```
Now, on the client ying02, the 456 directory and the file inside it exist under /tmp/testdir/:
```bash
[root@ying02 ~]# tree /tmp/testdir/
/tmp/testdir/
├── 1.txt
├── 2.txt
└── 456
    └── 8.txt

1 directory, 3 files
```
```bash
[root@ying01 salt]# vim shell_test.sls
hell_test:
  cmd.script:
    - source: salt://test/1.sh
    - user: root
```
```bash
[root@ying01 salt]# vim test/1.sh
#!/bin/bash
touch /tmp/111.txt
if [ ! -d /tmp/1233 ]
then
    mkdir /tmp/1233
fi
```
```bash
[root@ying01 salt]# vim top.sls
base:
  '*':
    - shell_test
```
```bash
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: hell_test
    Function: cmd.script
      Result: True
     Comment: Command 'hell_test' run
     Started: 21:12:27.077124
    Duration: 73.007 ms
     Changes:
              ----------
              pid:
                  13157
              retcode:
                  0
              stderr:
              stdout:

Summary for ying02
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:  73.007 ms
```
On the client ying02, check whether the 1233 directory and 111.txt were created under /tmp/:
```bash
[root@ying02 ~]# ls -lt /tmp/
總用量 4
drwxr-xr-x 2 root root 6 9月 10 21:12 1233          # created
-rw-r--r-- 1 root root 0 9月 10 21:12 111.txt       # created
drwxr-x--- 3 root root 43 9月 10 19:41 testdir
srwx------ 1 mongod mongod 0 9月 10 13:37 mongodb-27017.sock
drwx------ 3 root root 17 9月 10 13:35 systemd-private-0b08a1b2dc044a57b06946b4bcf525b4-chronyd.service-euzZsi
drwx------ 3 root root 17 9月 10 13:35 systemd-private-0b08a1b2dc044a57b06946b4bcf525b4-vmtoolsd.service-Ijaqtz
drwx------ 3 root root 17 9月 10 13:35 systemd-private-0b08a1b2dc044a57b06946b4bcf525b4-vgauthd.service-TolUVQ
-rw------- 1 root root 9 9月 9 23:54 ying.com
```
```bash
[root@ying01 salt]# vim top.sls
base:
  '*':
    - cron_test
```
Define the cron_test.sls configuration file:
```bash
[root@ying01 salt]# vim cron_test.sls
cron_test:
  cron.present:
    - name: /bin/touch /tmp/111.txt
    - user: root
    - minute: '*'
    - hour: 20
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
```
Create the top file top.sls:
```bash
[root@ying01 salt]# vim top.sls
base:
  '*':
    - cron_test
```
Apply the state to host ying02:
```bash
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: cron_test
    Function: cron.present
        Name: /bin/touch /tmp/111.txt
      Result: True
     Comment: Cron /bin/touch /tmp/111.txt added to root's crontab
     Started: 21:37:39.312465
    Duration: 297.174 ms
     Changes:
              ----------
              root:
                  /bin/touch /tmp/111.txt

Summary for ying02
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 297.174 ms
```
On host ying02, view the cron jobs:
```bash
[root@ying02 ~]# crontab -l
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
* 20 * * * /bin/touch /tmp/111.txt
```
Edit cron_test.sls and change minute to 58:
```bash
[root@ying01 salt]# vim cron_test.sls
cron_test:
  cron.present:
    - name: /bin/touch /tmp/111.txt
    - user: root
    - minute: '58'      # changed schedule
    - hour: 20
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
```
Apply the state to ying02 again:
```bash
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: cron_test
    Function: cron.present
        Name: /bin/touch /tmp/111.txt
      Result: True
     Comment: Cron /bin/touch /tmp/111.txt updated
     Started: 21:48:49.306192
    Duration: 312.716 ms
     Changes:
              ----------
              root:
                  /bin/touch /tmp/111.txt

Summary for ying02
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 312.716 ms
```
On host ying02, check the cron jobs again. The job has been changed, so the test succeeded:

```
[root@ying02 ~]# crontab -l
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
58 20 * * * /bin/touch /tmp/111.txt
```
Changing cron.present: to cron.absent: in the configuration file removes the job:

```
[root@ying01 salt]# vim cron_test.sls
cron_test:
  cron.absent:
    - name: /bin/touch /tmp/111.txt
```
Refresh the state:

```
[root@ying01 salt]# salt 'ying02' state.highstate
ying02:
----------
          ID: cron_test
    Function: cron.absent
        Name: /bin/touch /tmp/111.txt
      Result: True
     Comment: Cron /bin/touch /tmp/111.txt removed from root's crontab
     Started: 21:53:00.019619
    Duration: 167.855 ms
     Changes:
              ----------
              root:
                  /bin/touch /tmp/111.txt

Summary for ying02
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 167.855 ms
```
Now, on ying02, the cron job list is empty, which shows that the job has been deleted:

```
[root@ying02 ~]# crontab -l
# Lines below here are managed by Salt, do not edit
[root@ying02 ~]#
```
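To check from the minion side that a crontab matches what the SLS declares (and to spot a Salt-managed job that was edited by hand), the `crontab -l` output can be parsed by its `SALT_CRON_IDENTIFIER` comments. This is an added example, not code from the original post or from Salt; the function names and the hand-written backup line in the sample are assumptions, and it relies on the identifier being the state's `name`, as the output above shows.

```python
MARKER = "# Lines below here are managed by Salt, do not edit"
ID_TAG = "SALT_CRON_IDENTIFIER:"

# Constructed crontab: one hand-written line above the marker (assumed), plus
# the Salt-managed entry as it appears in the page's `crontab -l` output.
SAMPLE_CRONTAB = """\
0 3 * * * /usr/local/bin/backup.sh
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:/bin/touch /tmp/111.txt
58 20 * * * /bin/touch /tmp/111.txt
"""

def salt_managed_jobs(crontab_text):
    """Map identifier -> (five schedule fields, command) for entries below the marker."""
    jobs, in_managed, pending_id = {}, False, None
    for line in crontab_text.splitlines():
        line = line.strip()
        if line == MARKER:
            in_managed = True
        elif not in_managed or not line:
            continue                      # ignore everything above the marker
        elif line.startswith("#"):
            if ID_TAG in line:            # identifier comment precedes its job line
                pending_id = line.split(ID_TAG, 1)[1]
        elif pending_id is not None:
            fields = line.split(None, 5)  # 5 time fields, then the command
            if len(fields) == 6:
                jobs[pending_id] = (tuple(fields[:5]), fields[5])
            pending_id = None
    return jobs

def check_job(crontab_text, name, minute="*", hour="*", daymonth="*",
              month="*", dayweek="*", present=True):
    """Return True if the crontab agrees with the values written in the SLS file."""
    jobs = salt_managed_jobs(crontab_text)
    if not present:                       # cron.absent: the identifier must be gone
        return name not in jobs
    want = (tuple(str(v) for v in (minute, hour, daymonth, month, dayweek)), name)
    return jobs.get(name) == want

if __name__ == "__main__":
    print(check_job(SAMPLE_CRONTAB, "/bin/touch /tmp/111.txt", minute="58", hour=20))
```
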
```
[root@ying01 salt]# salt -L 'ying02,ying03' cp.get_file salt://test/123/1.txt /tmp/aaa.txt
ying02:
    /tmp/aaa.txt
ying03:
    /tmp/aaa.txt
```
Check the copied result on the clients ying01 and ying02:

```
[root@ying02 ~]# ls -l /tmp/aaa.txt
-rw-r--r-- 1 root root 9 9月 11 12:03 /tmp/aaa.txt
[root@ying03 ~]# ls -l /tmp/aaa.txt
-rw-r--r-- 1 root root 9 9月 11 12:03 /tmp/aaa.txt
```
```
[root@ying01 salt]# salt 'ying0[23]' cp.get_dir salt://test/123/ /tmp/
ying03:
    - /tmp//123/1.txt
    - /tmp//123/2.txt
    - /tmp//123/456/8.txt
ying02:
    - /tmp//123/1.txt
    - /tmp//123/2.txt
    - /tmp//123/456/8.txt
```
Check the copied result on the client:

```
[root@ying02 ~]# ls -la /tmp/123
總用量 12
drwxr-xr-x   3 root root   43 9月 11 12:13 .
drwxrwxrwt. 16 root root 4096 9月 11 12:13 ..
-rw-r--r--   1 root root    9 9月 11 12:13 1.txt
-rw-r--r--   1 root root    9 9月 11 12:13 2.txt
drwxr-xr-x   2 root root   19 9月 11 12:13 456
```
```
[root@ying01 salt]# salt-run manage.up
- ying01
- ying02
- ying03
```
```
[root@ying01 salt]# salt '*' cmd.script salt://test/1.sh
ying02:
    ----------
    pid:
        19885
    retcode:
        0
    stderr:
    stdout:
ying03:
    ----------
    pid:
        4331
    retcode:
        0
    stderr:
    stdout:
ying01:
    ----------
    pid:
        34919
    retcode:
        0
    stderr:
    stdout:
```
salt-ssh does not need to authenticate the clients, and the clients do not need salt-minion installed; it is similar to pssh/expect.
Edit the roster file and add the following machines:

```
[root@ying01 salt]# vim /etc/salt/roster
ying01:
  host: 192.168.112.136
  user: root
  passwd: ssss1234
ying02:
  host: 192.168.112.138
  user: root
  passwd: ssss1234
ying03:
  host: 192.168.112.139
  user: root
  passwd: ssss1234
```
On the first run, the local machine's public key is automatically placed on the remote machines; after that, the passwords can be removed from the roster.

```
[root@ying01 salt]# salt-ssh --key-deploy '*' -r 'w'
ying03:
    ----------
    retcode:
        0
    stderr:
    stdout:
        root@192.168.112.139's password:
        12:41:34 up 12:42, 1 user, load average: 0.00, 0.01, 0.05
        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
        root pts/0 192.168.112.1 11:49 27:10 0.04s 0.04s -bash
ying02:
    ----------
    retcode:
        0
    stderr:
    stdout:
        root@192.168.112.138's password:
        12:41:34 up 12:42, 1 user, load average: 0.00, 0.01, 0.05
        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
        root pts/0 192.168.112.1 11:49 27:18 0.12s 0.12s -bash
ying01:
    ----------
    retcode:
        0
    stderr:
    stdout:
        root@192.168.112.136's password:
        12:41:34 up 12:42, 1 user, load average: 0.20, 0.06, 0.08
        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
        root pts/0 192.168.112.1 11:49 14.00s 11.02s 1.11s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
[root@ying01 salt]#
```
Remove the login passwords

Now edit the roster file again and remove the password for each machine:

```
[root@ying01 salt]# vim /etc/salt/roster
ying01:
  host: 192.168.112.136
  user: root
ying02:
  host: 192.168.112.138
  user: root
ying03:
  host: 192.168.112.139
  user: root
```
Run the command again. It succeeds, which shows that the public key has been pushed to each client:

```
[root@ying01 salt]# salt-ssh --key-deploy '*' -r 'w'
ying01:
    ----------
    retcode:
        0
    stderr:
    stdout:
        12:46:48 up 12:47, 1 user, load average: 0.04, 0.05, 0.06
        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
        root pts/0 192.168.112.1 11:49 8.00s 2.11s 0.11s /usr/bin/python /usr/bin/salt-ssh --key-deploy * -r w
ying03:
    ----------
    retcode:
        0
    stderr:
    stdout:
        12:46:48 up 12:47, 1 user, load average: 0.05, 0.03, 0.05
        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
        root pts/0 192.168.112.1 11:49 2:32 0.04s 0.04s -bash
ying02:
    ----------
    retcode:
        0
    stderr:
    stdout:
        12:46:48 up 12:47, 1 user, load average: 0.00, 0.01, 0.05
        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
        root pts/0 192.168.112.1 11:49 2:32 0.12s 0.12s -bash
```
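Because the roster holds root passwords in plain text until they are removed after `--key-deploy`, it is worth checking that none were left behind and that the file is not readable by other users. The following is an added example, not part of the original post or of Salt itself; the function names and the placeholder password are assumptions, and the parser handles only the flat two-level layout shown above rather than full YAML.

```python
import os
import stat
import sys

# Constructed sample in the layout of the page's /etc/salt/roster.
# The password is a placeholder, not a value from a real host.
SAMPLE_ROSTER = """\
ying01:
  host: 192.168.112.136
  user: root
  passwd: PLACEHOLDER-PASSWORD
ying02:
  host: 192.168.112.138
  user: root
ying03:
  host: 192.168.112.139
  user: root
"""

def parse_roster(text):
    """Parse the flat two-level roster layout shown on the page (not full YAML)."""
    targets, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # skip blank and comment lines
        if not raw[0].isspace():          # an unindented line starts a new target
            current = targets.setdefault(raw.strip().rstrip(":"), {})
        elif current is None:
            raise ValueError("option line before any target: %r" % raw)
        else:
            key, _, value = raw.strip().partition(":")
            current[key.strip()] = value.strip().strip("'\"")
    return targets

def audit_roster(text, mode=None):
    """Return (target, issue) pairs; mode is the roster file's st_mode if known."""
    findings = []
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append(("<roster file>", "group-or-other-access"))
    for target, opts in parse_roster(text).items():
        if opts.get("passwd"):            # password still stored after key deploy
            findings.append((target, "plaintext-passwd"))
    return findings

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/salt/roster"
    with open(path) as fh:
        for target, issue in audit_roster(fh.read(), os.stat(path).st_mode):
            print("%s: %s" % (target, issue))
```
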