一、自動化運維之SaltStack實踐

                           自動化運維之SaltStack實踐

1.一、環境

linux-node1(master服務端)	192.168.0.15
linux-node2(minion客戶端)	192.168.0.16

1.二、SaltStack三種運行模式介紹

Local	本地
Master/Minion	傳統運行方式(server端跟agent端)
Salt SSH	SSH

1.三、SaltStack三大功能

●遠程執行

●配置管理

●雲管理

1.四、SaltStack安裝基礎環境準備

[root@linux-node1 ~]# cat /etc/redhat-release  ##查看系統版本

CentOS release 6.7 (Final)

[root@linux-node1 ~]# uname -r ##查看系統內核版本

2.6.32-573.el6.x86_64

[root@linux-node1 ~]# getenforce ##查看selinux的狀態

Enforcing

[root@linux-node1 ~]# setenforce 0 ##關閉selinux

[root@linux-node1 ~]# getenforce  

Permissive

[root@linux-node1 ~]# /etc/init.d/iptables stop

[root@linux-node1 ~]# /etc/init.d/iptables stop

[root@linux-node1 ~]# ifconfig eth0|awk -F '[: ]+' 'NR==2{print $4}' ##過濾Ip地址

192.168.0.15

[root@linux-node1 ~]# hostname ##查看主機名

linux-node1.zhurui.com

[root@linux-node1 yum.repos.d]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo  ##安裝salt必須使用到epel源 

1.四、安裝 Salt

服務端：

[root@linux-node1 yum.repos.d]# yum install -y salt-master salt-minion ##salt-master包跟salt-minion包

[root@linux-node1 yum.repos.d]# chkconfig salt-master on   ##加入到開機自動啓動

[root@linux-node1 yum.repos.d]# chkconfig salt-minion on   ##加入到開機自動啓動

[root@linux-node1 yum.repos.d]# /etc/init.d/salt-master start   ##啓動salt-master

Starting salt-master daemon:                                   [  OK  ]

啓動到這裏須要修改minion配置文件，才能啓動salt-minion服務

[root@linux-node1 yum.repos.d]# grep '^[a-z]' /etc/salt/minion   

master: 192.168.0.15   ##指定master主機

[root@linux-node1 yum.repos.d]# cat /etc/hosts

192.168.0.15 linux-node1.zhurui.com linux-node1  ##確認主機名是否解析

192.168.0.16 linux-node2.zhurui.com linux-node2

解析結果：

1. [root@linux-node1 yum.repos.d]# ping linux-node1.zhurui.com
2. PING linux-node1.zhurui.com (192.168.0.15)56(84) bytes of data.
3. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=1 ttl=64 time=0.087 ms
4. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=2 ttl=64 time=0.060 ms
5. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=3 ttl=64 time=0.053 ms
6. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=4 ttl=64 time=0.060 ms
7. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=5 ttl=64 time=0.053 ms
8. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=6 ttl=64 time=0.052 ms
9. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=7 ttl=64 time=0.214 ms
10. 64 bytes from linux-node1.zhurui.com (192.168.0.15): icmp_seq=8 ttl=64 time=0.061 ms

[root@linux-node1 yum.repos.d]# /etc/init.d/salt-minion start   ##啓動minion客戶端

Starting salt-minion daemon:                               [  OK  ]

[root@linux-node1 yum.repos.d]#

客戶端：

[root@linux-node2 ~]# yum install -y salt-minion  ##安裝salt-minion包，至關於客戶端包

[root@linux-node2 ~]# chkconfig salt-minion on  ##加入開機自啓動

[root@linux-node2 ~]# grep '^[a-z]' /etc/salt/minion   ##客戶端指定master主機

master: 192.168.0.15

[root@linux-node2 ~]# /etc/init.d/salt-minion start   ##接着啓動minion

Starting salt-minion daemon:                               [  OK  ]

1.五、 Salt祕鑰認證設置

1.5.1使用salt-kes -a linux*命令以前在目錄/etc/salt/pki/master目錄結構以下

1.5.2使用salt-kes -a linux*命令將祕鑰經過容許，隨後minions_pre下的文件會轉移到minions目錄下

1. [root@linux-node1 minion]# salt-key -a linux*
2. The following keys are going to be accepted:
3. UnacceptedKeys:
4. linux-node1.zhurui.com
5. linux-node2.zhurui.com
6. Proceed?[n/Y] Y
7. Keyfor minion linux-node1.zhurui.com accepted.
8. Keyfor minion linux-node2.zhurui.com accepted.
9. [root@linux-node1 minion]# salt-key
10. AcceptedKeys:
11. linux-node1.zhurui.com
12. linux-node2.zhurui.com
13. DeniedKeys:
14. UnacceptedKeys:
15. RejectedKeys:

1.5.3此時目錄機構變化成以下：

1.5.4而且伴隨着客戶端/etc/salt/pki/minion/目錄下有master公鑰生成

1.六、salt遠程執行命令詳解

1.6.1  salt '*' test.ping 命令

[root@linux-node1 master]# salt '*' test.ping   ##salt命令  test.ping的含義是，test是一個模塊，ping是模塊內的方法

linux-node2.zhurui.com:

    True

linux-node1.zhurui.com:

    True

[root@linux-node1 master]# 

1.6.2   salt '*' cmd.run 'uptime' 命令

1.七、saltstack配置管理

1.7.1編輯配置文件/etc/salt/master,將file_roots註釋去掉

1.7.2接着saltstack遠程執行以下命令

[root@linux-node1 master]# ls /srv/

[root@linux-node1 master]# mkdir /srv/salt

[root@linux-node1 master]# /etc/init.d/salt-master restart

Stopping salt-master daemon:                               [  OK  ]

Starting salt-master daemon:                                 [  OK  ]

[root@linux-node1 salt]# cat apache.sls   ##進入到/srv/salt/目錄下建立

[root@linux-node1 salt]# salt '*' state.sls apache  ##接着執行以下語句

接着會出現以下報錯：

便捷apache.sls文件添加以下：

最後成功以下：

1. [root@linux-node1 salt]# salt '*' state.sls apache
2. linux-node2.zhurui.com:
3. ----------
4. ID: apache-install
5. Function: pkg.installed
6. Name: httpd
7. Result:True
8. Comment:Package httpd is already installed.
9. Started:22:38:52.954973
10. Duration:1102.909 ms
11. Changes:
12. ----------
13. ID: apache-install
14. Function: pkg.installed
15. Name: httpd-devel
16. Result:True
17. Comment:Package httpd-devel is already installed.
18. Started:22:38:54.058190
19. Duration:0.629 ms
20. Changes:
21. ----------
22. ID: apache-service
23. Function: service.running
24. Name: httpd
25. Result:True
26. Comment:Service httpd has been enabled, and is running
27. Started:22:38:54.059569
28. Duration:1630.938 ms
29. Changes:
30. ----------
31. httpd:
32. True
34. Summary
35. ------------
36. Succeeded:3(changed=1)
37. Failed:0
38. ------------
39. Total states run:3
40. linux-node1.zhurui.com:
41. ----------
42. ID: apache-install
43. Function: pkg.installed
44. Name: httpd
45. Result:True
46. Comment:Package httpd is already installed.
47. Started:05:01:17.491217
48. Duration:1305.282 ms
49. Changes:
50. ----------
51. ID: apache-install
52. Function: pkg.installed
53. Name: httpd-devel
54. Result:True
55. Comment:Package httpd-devel is already installed.
56. Started:05:01:18.796746
57. Duration:0.64 ms
58. Changes:
59. ----------
60. ID: apache-service
61. Function: service.running
62. Name: httpd
63. Result:True
64. Comment:Service httpd has been enabled, and is running
65. Started:05:01:18.798131
66. Duration:1719.618 ms
67. Changes:
68. ----------
69. httpd:
70. True
72. Summary
73. ------------
74. Succeeded:3(changed=1)
75. Failed:0
76. ------------
77. Total states run:3
78. [root@linux-node1 salt]#

1.7.3驗證使用saltstack安裝httpd是否成功

linux-node1:

[root@linux-node1 salt]# lsof -i:80   ##已經成功啓動

COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

httpd   7397   root    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7399 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7400 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7401 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7403 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7404 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7405 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7406 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

httpd   7407 apache    4u  IPv6  46164      0t0  TCP *:http (LISTEN)

linux-node2:

[root@linux-node2 pki]# lsof -i:80

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

httpd   12895   root    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12897 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12898 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12899 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12901 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12902 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12906 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12908 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

httpd   12909 apache    4u  IPv6  47532      0t0  TCP *:http (LISTEN)

[root@linux-node2 pki]# 

1.7.4使用saltstack狀態管理

[root@linux-node1 salt]# salt '*' state.highstate

2.一、 SaltStack之 Grains 數據系統

●Grains

●Pillar

2.1.1使用salt命令查看系統版本

2. [root@linux-node1 salt]# salt 'linux-node1*' grains.ls
3. linux-node1.zhurui.com:
4. -SSDs
5. - biosreleasedate
6. - biosversion
7. - cpu_flags
8. - cpu_model
9. - cpuarch
10. - domain
11. - fqdn
12. - fqdn_ip4
13. - fqdn_ip6
14. - gpus
15. - host
16. - hwaddr_interfaces
17. - id
18. - init
19. - ip4_interfaces
20. - ip6_interfaces
21. - ip_interfaces
22. - ipv4
23. - ipv6
24. - kernel
25. - kernelrelease
26. - locale_info
27. - localhost
28. - lsb_distrib_codename
29. - lsb_distrib_id
30. - lsb_distrib_release
31. - machine_id
32. - manufacturer
33. - master
34. - mdadm
35. - mem_total
36. - nodename
37. - num_cpus
38. - num_gpus
39. - os
40. - os_family
41. - osarch
42. - oscodename
43. - osfinger
44. - osfullname
45. - osmajorrelease
46. - osrelease
47. - osrelease_info
48. - path
49. - productname
50. - ps
51. - pythonexecutable
52. - pythonpath
53. - pythonversion
54. - saltpath
55. - saltversion
56. - saltversioninfo
57. - selinux
58. - serialnumber
59. - server_id
60. - shell
61. - virtual
62. - zmqversion
63. [root@linux-node1 salt]#

2.1.2系統版本相關信息：

1. [root@linux-node1 salt]# salt 'linux-node1*' grains.items
2. linux-node1.zhurui.com:
3. ----------
4. SSDs:
5. biosreleasedate:
6. 07/31/2013
7. biosversion:
8. 6.00
9. cpu_flags:
10. - fpu
11. - vme
12. - de
13. - pse
14. - tsc
15. - msr
16. - pae
17. - mce
18. - cx8
19. - apic
20. - sep
21. - mtrr
22. - pge
23. - mca
24. - cmov
25. - pat
26. - pse36
27. - clflush
28. - dts
29. - mmx
30. - fxsr
31. - sse
32. - sse2
33. - ss
34. - syscall
35. - nx
36. - rdtscp
37. - lm
38. - constant_tsc
39. - up
40. - arch_perfmon
41. - pebs
42. - bts
43. - xtopology
44. - tsc_reliable
45. - nonstop_tsc
46. - aperfmperf
47. - unfair_spinlock
48. - pni
49. - ssse3
50. - cx16
51. - sse4_1
52. - sse4_2
53. - x2apic
54. - popcnt
55. - hypervisor
56. - lahf_lm
57. - arat
58. - dts
59. cpu_model:
60. Intel(R)Core(TM) i3 CPU M 380@2.53GHz
61. cpuarch:
62. x86_64
63. domain:
64. zhurui.com
65. fqdn:
66. linux-node1.zhurui.com
67. fqdn_ip4:
68. -192.168.0.15
69. fqdn_ip6:
70. gpus:
71. |_
72. ----------
73. model:
74. SVGA II Adapter
75. vendor:
76. unknown
77. host:
78. linux-node1
79. hwaddr_interfaces:
80. ----------
81. eth0:
82. 00:0c:29:fc:ba:90
83. lo:
84. 00:00:00:00:00:00
85. id:
86. linux-node1.zhurui.com
87. init:
88. upstart
89. ip4_interfaces:
90. ----------
91. eth0:
92. -192.168.0.15
93. lo:
94. -127.0.0.1
95. ip6_interfaces:
96. ----------
97. eth0:
98. - fe80::20c:29ff:fefc:ba90
99. lo:
100. -::1
101. ip_interfaces:
102. ----------
103. eth0:
104. -192.168.0.15
105. - fe80::20c:29ff:fefc:ba90
106. lo:
107. -127.0.0.1
108. -::1
109. ipv4:
110. -127.0.0.1
111. -192.168.0.15
112. ipv6:
113. -::1
114. - fe80::20c:29ff:fefc:ba90
115. kernel:
116. Linux
117. kernelrelease:
118. 2.6.32-573.el6.x86_64
119. locale_info:
120. ----------
121. defaultencoding:
122. UTF8
123. defaultlanguage:
124. en_US
125. detectedencoding:
126. UTF-8
127. localhost:
128. linux-node1.zhurui.com
129. lsb_distrib_codename:
130. Final
131. lsb_distrib_id:
132. CentOS
133. lsb_distrib_release:
134. 6.7
135. machine_id:
136. da5383e82ce4b8d8a76b5a3e00000010
137. manufacturer:
138. VMware,Inc.
139. master:
140. 192.168.0.15
141. mdadm:
142. mem_total:
143. 556
144. nodename:
145. linux-node1.zhurui.com
146. num_cpus:
147. 1
148. num_gpus:
149. 1
150. os:
151. CentOS
152. os_family:
153. RedHat
154. osarch:
155. x86_64
156. oscodename:
157. Final
158. osfinger:
159. CentOS-6
160. osfullname:
161. CentOS
162. osmajorrelease:
163. 6
164. osrelease:
165. 6.7
166. osrelease_info:
167. -6
168. -7
169. path:
170. /sbin:/usr/sbin:/bin:/usr/bin
171. productname:
172. VMwareVirtualPlatform
173. ps:
174. ps -efH
175. pythonexecutable:
176. /usr/bin/python2.6
177. pythonpath:
178. -/usr/bin
179. -/usr/lib64/python26.zip
180. -/usr/lib64/python2.6
181. -/usr/lib64/python2.6/plat-linux2
182. -/usr/lib64/python2.6/lib-tk
183. -/usr/lib64/python2.6/lib-old
184. -/usr/lib64/python2.6/lib-dynload
185. -/usr/lib64/python2.6/site-packages
186. -/usr/lib64/python2.6/site-packages/gtk-2.0
187. -/usr/lib/python2.6/site-packages
188. pythonversion:
189. -2
190. -6
191. -6
192. - final
193. -0
194. saltpath:
195. /usr/lib/python2.6/site-packages/salt
196. saltversion:
197. 2015.5.10
198. saltversioninfo:
199. -2015
200. -5
201. -10
202. -0
203. selinux:
204. ----------
205. enabled:
206. True
207. enforced:
208. Permissive
209. serialnumber:
210. VMware-564d8f43912d3a99-eb c4 3b a9 34 fc ba 90
211. server_id:
212. 295577080
213. shell:
214. /bin/bash
215. virtual:
216. VMware
217. zmqversion:
218. 3.2.5

2.1.3系統版本相關信息：

2.1.4查看node1全部ip地址：

[root@linux-node1 salt]# salt 'linux-node1*' grains.get ip_interfaces:eth0 ##用於信息的收集

linux-node1.zhurui.com:

    - 192.168.0.15

    - fe80::20c:29ff:fefc:ba90

2.1.4使用Grains收集系統信息：

[root@linux-node1 salt]# salt 'linux-node1*' grains.get os 

linux-node1.zhurui.com:

    CentOS

[root@linux-node1 salt]# salt -G os:CentOS cmd.run 'w'   ##  -G:表明使用Grains收集，使用w命令，查看登陸信息

linux-node2.zhurui.com:

     20:29:40 up 2 days, 16:09,  2 users,  load average: 0.00, 0.00, 0.00

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     tty1     -                Sun14   29:07m  0.32s  0.32s -bash

    root     pts/0    192.168.0.101    Sun20   21:41m  0.46s  0.46s -bash

linux-node1.zhurui.com:

     02:52:01 up 1 day, 22:31,  3 users,  load average: 4.00, 4.01, 4.00

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     tty1     -                Sat20   24:31m  0.19s  0.19s -bash

    root     pts/0    192.168.0.101    Sun02    1.00s  1.33s  0.68s /usr/bin/python

    root     pts/1    192.168.0.101    Sun04   21:36m  0.13s  0.13s -bash

[root@linux-node1 salt]# 

截圖以下：

2.1.5 使用Grains規則匹配到memcache的主機上運行輸入hehe

[root@linux-node1 salt]# vim /etc/salt/minion ##編輯minion配置文件，取消以下幾行註釋

88 grains:

 89   roles:

 90     - webserver

 91     - memcache

 截圖以下：

[root@linux-node1 salt]# /etc/init.d/salt-minion restart   ##

Stopping salt-minion daemon:                               [  OK  ]

Starting salt-minion daemon:                               [  OK  ]

[root@linux-node1 salt]# 

[root@linux-node1 salt]# salt -G 'roles:memcache' cmd.run 'echo zhurui'  ##使用grains匹配規則是memcache的客戶端機器，而後輸出命令

linux-node1.zhurui.com:

    zhurui

[root@linux-node1 salt]#

截圖以下：

2.1.5 也能夠經過建立新的配置文件/etc/salt/grains文件來配置規則

[root@linux-node1 salt]# cat /etc/salt/grains 

web: nginx

[root@linux-node1 salt]# /etc/init.d/salt-minion restart   ##修改完配置文件之後須要重啓服務

Stopping salt-minion daemon:                               [  OK  ]

Starting salt-minion daemon:                               [  OK  ]

[root@linux-node1 salt]# 

[root@linux-node1 salt]# salt -G web:nginx cmd.run 'w'   ##使用grains匹配規則爲web:nginx的主機運行命令w

linux-node1.zhurui.com:

     03:31:07 up 1 day, 23:11,  3 users,  load average: 4.11, 4.03, 4.01

    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

    root     tty1     -                Sat20   25:10m  0.19s  0.19s -bash

    root     pts/0    192.168.0.101    Sun02    0.00s  1.41s  0.63s /usr/bin/python

    root     pts/1    192.168.0.101    Sun04   22:15m  0.13s  0.13s -bash

 

grains的用法：

1.收集底層系統信息

二、遠程執行裏面匹配minion

三、top.sls裏面匹配minion

 

2.1.5 也能夠/srv/salt/top.sls配置文件匹配minion

 

[root@linux-node1 salt]# cat /srv/salt/top.sls 

base:

  'web:nginx':

    - match: grain

    - apache

[root@linux-node1 salt]# 

2.二、 SaltStack之 Pillar 數據系統

2.2.1 首先在master配置文件552行打開pillar開關

 

[root@linux-node1 salt]# grep '^[a-z]' /etc/salt/master 

file_roots:

pillar_opts: True

[root@linux-node1 salt]# /etc/init.d/salt-master restart   ##重啓master

Stopping salt-master daemon:                               [  OK  ]

Starting salt-master daemon:                                 [  OK  ]

[root@linux-node1 salt]# salt '*' pillar.items  ##使用以下命令驗證

截圖以下：

[root@linux-node1 salt]# grep '^[a-z]' /etc/salt/master

529 pillar_roots:  ##打開以下行

530   base:

531     - /srv/pillar

截圖以下：

[root@linux-node1 salt]# mkdir /srv/pillar

[root@linux-node1 salt]# /etc/init.d/salt-master restart   ##重啓master

Stopping salt-master daemon:                               [  OK  ]

Starting salt-master daemon:                                 [  OK  ]

[root@linux-node1 salt]# vim /srv/pillar/apache.sls

[root@linux-node1 salt]# cat /srv/pillar/apache.sls

{%if grains['os'] == 'CentOS' %}

apache: httpd

{% elif grains['os'] == 'Debian' %}

apache: apache2

{% endif %}

[root@linux-node1 salt]# 

截圖以下：

接着指定哪一個minion能夠看到：

[root@linux-node1 salt]# cat /srv/pillar/top.sls 

base:

  '*':

    - apache

 

[root@linux-node1 salt]# salt '*' pillar.items ##修改完成之後使用該命令驗證

linux-node1.zhurui.com:

    ----------

    apache:

        httpd

linux-node2.zhurui.com:

    ----------

    apache:

        httpd

截圖以下：

2.2.1 使用Pillar定位主機

報錯處理：

[root@linux-node1 salt]# salt '*' saltutil.refresh_pillar  ##須要執行刷新命令

linux-node2.zhurui.com:

    True

linux-node1.zhurui.com:

    True

[root@linux-node1 salt]# 

截圖以下：

[root@linux-node1 salt]# salt -I 'apache:httpd' test.ping

linux-node1.zhurui.com:

    True

linux-node2.zhurui.com:

    True

[root@linux-node1 salt]# 

 

2.三、 SaltStack 數據系統區別介紹

名稱	存儲位置	數據類型	數據採集更新方式	應用
Grains	minion端	靜態數據	minion啓動時收集，也可使用saltutil.sync_grains進行刷新。	存儲minion基本數據，好比用於匹配minion,自身數據能夠用來作資產管理等。
Pillar	master端	動態數據	在master端定義，指定給對應的minion，可使用saltutil.refresh_pillar刷新	存儲Master指定的數據，只有指定的minion能夠看到，用於敏感數據保存。